CVE-2025-62402 | Apache Airflow up to 3.1.0 API /api/v2/dagReports code injection

Inserito da Angelo Barbosa | Ott 30, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Apache Airflow up to 3.1.0. This affects an unknown part of the file /api/v2/dagReports of the component API. This manipulation causes code injection.

This vulnerability is handled as CVE-2025-62402. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2025-62402 | Apache Airflow up to 3.1.0 API /api/v2/dagReports code injection

Post correlati

CVE-2024-41564 | EMI up to 1.1.10 on Minecraft range error

CVE-2024-47126 | goTenna Pro Series up to 1.6.1 weak prng (icsa-24-270-04)

CVE-2023-46919 | Simple HTTP Server/Simple HTTP Server PLUS 1.8 hard-coded key

CVE-2024-38818 | VMware NSX/Cloud Foundation Group Role privileges management