CVE-2025-69219
Last modified
CVE-2025-69219 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.. EPSS estimates a 0.69% chance of exploitation in the next 30 days.
Description
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Airflow Providers Http | >= 5.1.0, < 6.0.0 |
References
- https://github.com/apache/airflow/pull/61662Issue Tracking, Patch
- http://www.openwall.com/lists/oss-security/2026/03/09/1Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-69219?
How severe is CVE-2025-69219?
How do I fix CVE-2025-69219?
Are you affected by CVE-2025-69219?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST