QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-54941

Back to search

CVE-2025-54941

Published: Oct 30, 2025

Modified: Feb 26, 2026

PUBLISHED

Description

An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator` please review it and apply the changes implemented in Airflow 3.0.5 accordingly.

VendorProductVersions

Apache Software Foundation

Apache Airflow

affected
3.0.0 - < < 3.0.5

Weaknesses (CWE)

CWE-78

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now