SQL Injection Vulnerability in OpenMetadata by OpenMetadata
CVE-2025-50467
Currently unrated
What is CVE-2025-50467?
OpenMetadata versions up to 1.4.4 are susceptible to SQL Injection attacks, primarily through the 'supportedDataTypeParam' parameter within the 'listCount' function of the TestDefinitionDAO interface. This vulnerability allows malicious users to manipulate SQL queries, leading to unauthorized access and data extraction from the underlying database. Proper validation and sanitization of user inputs are critical to mitigate this risk and protect sensitive information.