6.5

CVE-2025-65995

EPSS 0.02%
Veröffentlicht 21.02.2026 03:15:57
Zuletzt bearbeitet 25.02.2026 14:35:46
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. 

The issue has been fixed in Airflow 3.1.4 and 2.11.1, and users are strongly advised to upgrade to prevent potential disclosure of sensitive information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Airflow Version < 2.11.1

Apache ≫ Airflow Version >= 3.0.0 < 3.1.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://github.com/apache/airflow/pull/58252

Patch

Issue Tracking

https://github.com/apache/airflow/pull/61883

Patch

Issue Tracking

https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/12/12/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-65995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65995

EUVD