- Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended. It could lead to data corruption, modification and others. This issue affects Apache Airflow MySQL Provider: before 6.2.0. Users are recommended to upgrade to version 6.2.0, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
- security@apache.org
- CWE-89
- Hype score
- Not currently trending
🔴 Apache Airflow, SQL Injection, #CVE-2025-27018 (Critical) https://t.co/ZCdarrExMc
@dailycve
3 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27018: SQL Injection Vulnerability in Apache Airflow MySQL Provider https://t.co/5yZR1mRgK3
@_cvereports
20 Mar 2025
52 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27018 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with d… https://t.co/g4dh1xGOuz
@CVEnew
19 Mar 2025
563 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes