Parameter Validation Issue in Apache Airflow Affects Custom DAGs
CVE-2025-54941

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Airflow
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-54941?

A vulnerability in Apache Airflow's example_dag_decorator allows for parameter manipulation, potentially leading to unauthorized redirection of users to malicious servers and executing arbitrary code on worker nodes. This issue arises when example DAGs are enabled in production or their code is replicated for custom use. Users who leverage the example_dag_decorator should carefully review their implementation and apply the mitigation measures as outlined in Airflow version 3.0.5.

Affected Version(s)

Apache Airflow 3.0.0

References

https://lists.apache.org/thread/c6q6nofc6xl5bms039ks9b34v...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Aug 1, 2025

Credit

Nacl

JSON