CVE-2025-69219

CVE-2025-69219

HIGH CVSS 3.1: 8.8 EPSS 0.02%

Parameter	Value
CVSS	8.8 (HIGH)
Fixed In	6.0.0
Type	CWE-913
Public PoC	No

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-913

References 3

https://github.com/apache/airflow/pull/61662

security@apache.org

https://lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0

security@apache.org

http://www.openwall.com/lists/oss-security/2026/03/09/1

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Menu

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Menu

CVE-2025-69219

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 3

CVE Details

Editor's Choice

Stay informed on cybersecurity