CVE-2025-5874 | Redash up to 10.1.0/25.1.0 getattr /query_runner/python.py run_query sandbox

Inserito da Angelo Barbosa | Giu 8, 2025 | CVE

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue.

The identification of this vulnerability is CVE-2025-5874. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5874 | Redash up to 10.1.0/25.1.0 getattr /query_runner/python.py run_query sandbox

Post correlati

CVE-2024-45550 | Qualcomm Snapdragon Compute FastConnect 6900 up to WSA8845 IOCTL Call array index

CVE-2024-27054 | Linux Kernel up to 5.15.152/6.1.82/6.6.22/6.7.10/6.8.1 s390 Privilege Escalation

CVE-2024-7687 | AZIndex Plugin up to 0.8.1 on WordPress cross-site request forgery

CVE-2024-34048 | O-RAN RIC I-Release e2mgr E2nodeConfigUpdateNotificationHandler array index