- Description
- A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@apache.org
- CWE-913
- Hype score
- Not currently trending
🟠 CVE-2025-69219 - High A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since... https://t.co/AfLLKxhBge https://t.co/NVw4OPd35J
@TheHackerWire
9 Mar 2026
48 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CYBERDUDEBIVASH SENTINEL APEX ALERT 🚨 Threat: CVE-2025-69219 - Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator Intel Report: https://t.co/vYpbo7mTF3
@cyberbivash
9 Mar 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-69219 CVE-2025-69219 https://t.co/PL1Wn4gb2c Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
9 Mar 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-69219: Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator https://t.co/cEaSeVyO2e
@oss_security
9 Mar 2026
450 Impressions
0 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes