- Description: A user with access to the DB could craft a database entry that would result in executing code on the Triggerer, which gives anyone who has access to the DB the same permissions as a Dag Author. Since direct DB access is neither usual nor recommended for Airflow, the likelihood of it causing any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.
- Source: security@apache.org
- NVD status: Analyzed
- Products: airflow_providers_http
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@apache.org
- CWE-913
- Hype score: Not currently trending
CVE-2025-69219/poc.py at main · sak110/CVE-2025-69219 · GitHub https://t.co/L1Re7g58Ux
@akaclandestine
11 Mar 2026
GitHub - sak110/CVE-2025-69219 · GitHub https://t.co/AgzmxwI1qY
@akaclandestine
11 Mar 2026
GitHub - sak110/CVE-2025-69219 · GitHub - https://t.co/SS9tF8BLlD
@piedpiper1616
11 Mar 2026
CVE-2025-69219 A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permiss… https://t.co/pxFCR1zRbd
@CVEnew
9 Mar 2026
🟠 CVE-2025-69219 - High A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permissions as Dag Author. Since... https://t.co/AfLLKxhBge https://t.co/NVw4OPd35J
@TheHackerWire
9 Mar 2026
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: CVE-2025-69219 - Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator Intel Report: https://t.co/vYpbo7mTF3
@cyberbivash
9 Mar 2026
CVE-2025-69219 CVE-2025-69219 https://t.co/PL1Wn4gb2c Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
9 Mar 2026
CVE-2025-69219: Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator https://t.co/cEaSeVyO2e
@oss_security
9 Mar 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:airflow_providers_http:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B59A3356-B515-48EC-A6ED-060EC1F4A025",
            "versionEndExcluding": "6.0.0",
            "versionStartIncluding": "5.1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]