CVE-2025-66388

Description

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* - VULNERABLE

Apache Airflow < 3.1.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# 构造恶意任务以触发敏感信息泄露

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-66388
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-66388
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-66388/
[4] VulDB https://vuldb.com/cve/CVE-2025-66388
[5] https://github.com/apache/airflow/pull/58772
[6] https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g
[7] http://www.openwall.com/lists/oss-security/2025/12/12/1

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-66388", "sourceIdentifier": "[email protected]", "published": "2025-12-15T12:15:40.573", "lastModified": "2025-12-16T22:15:50.113", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.\n\nUsers are recommended to upgrade to version 3.1.4, which fixes this issue."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-201"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.1.0", "versionEndExcluding": "3.1.4", "matchCriteriaId": "D2B9CEEB-5F6F-4119-8D56-9F416967FC39"}]}]}], "references": [{"url": "https://github.com/apache/airflow/pull/58772", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/12/12/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}