Authentication Exposure in Apache Airflow Connections
CVE-2025-68675
7.5 HIGH
What is CVE-2025-68675?
In versions of Apache Airflow prior to 3.1.6, the proxy fields within Connections can inadvertently expose sensitive proxy credentials because these fields are handled improperly in log output. Specifically, proxy URLs that include embedded authentication details are not masked, so the credentials can be exposed when connections are logged or displayed. To mitigate this risk, users should upgrade to version 3.1.6 or later, where this issue has been addressed.
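The masking gap described above can be illustrated with a standard-library logging filter that strips the userinfo part of any URL before a record is written. This is an added example, not Airflow's code and not the fix shipped in 3.1.6; the `proxies` key, the logger name and all sample values are constructed assumptions.

```python
import io
import logging
import re

# scheme://userinfo@host : userinfo runs up to the LAST '@' of the authority,
# which ends at '/', '?', '#' or whitespace (so '@' inside a password is covered).
_URL_USERINFO = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*://)[^/?#\s]+@"
)

def redact_url(text: str) -> str:
    """Replace embedded URL credentials in free text with '***'."""
    return _URL_USERINFO.sub(r"\g<scheme>***@", text)

class ProxyCredentialFilter(logging.Filter):
    """Redact URL credentials in the fully formatted log message."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_url(record.getMessage())
        record.args = None  # message is already formatted
        return True

# Constructed sample of a connection "extra" payload (field names assumed).
SAMPLE_EXTRA = {
    "proxies": {
        "http": "http://svc_user:S3cr3t@pw@proxy.example.internal:3128",
        "https": "http://proxy.example.internal:3128",
    },
    "timeout": 30,
}

def capture_log(extra: dict) -> str:
    """Log the payload through the filter and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(ProxyCredentialFilter())
    logger = logging.getLogger("added_example.proxy_redaction")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        logger.info("connection extra: %s", extra)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()

if __name__ == "__main__":
    print(capture_log(SAMPLE_EXTRA), end="")
```

A filter like this only covers handlers it is attached to, so it complements the upgrade rather than replacing it.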
Affected Version(s)
Apache Airflow 3.0.0 < 3.1.6
Apache Airflow 0 < 2.11.1