QwikSec

Security Database

CVE

CWE

Training

CVE-2025-66388

Published: Dec 15, 2025

Modified: Dec 16, 2025

PUBLISHED

Description

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Airflow	affected `3.1.0 - < 3.1.4`

Weaknesses (CWE)

References

https://github.com/apache/airflow/pull/58772

patch

https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.