CVE-2025-69219
Received Received - Intake
Code Injection via Malicious DB Entries in Apache Airflow Triggerer

Publication date: 2026-03-09

Last updated on: 2026-03-10

Assigner: Apache Software Foundation

Description
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-09
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69219
EUVD
EUVD-2025-208401
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache airflow_providers_http From 5.1.0 (inc) to 6.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-913 The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69219 is a security vulnerability in the Apache Airflow Providers Http package versions 5.1.0 up to but not including 6.0.0. It involves an unsafe pickle deserialization flaw within the HttpOperator component. A user with access to the Airflow database can craft a malicious database entry that, when processed by the Triggerer service, results in arbitrary code execution. This means that anyone with database access can gain the same permissions as a DAG author.

However, since direct database access is uncommon and not recommended in Airflow deployments, the practical risk of this vulnerability causing damage is considered low.

The vulnerability is addressed by upgrading to version 6.0.0 or later of the apache-airflow-providers-http package, which replaces the insecure pickle serialization with safer JSON serialization for HTTP trigger responses.

Impact Analysis

If exploited, this vulnerability allows an attacker with access to the Airflow database to execute arbitrary code on the Triggerer service. This effectively grants the attacker the same permissions as a DAG author, potentially allowing them to manipulate workflows or perform unauthorized actions within Airflow.

However, because direct database access is not common and is generally discouraged in Airflow environments, the likelihood of this vulnerability being exploited to cause harm is low.

To avoid this risk, it is recommended to upgrade to version 6.0.0 or later of the apache-airflow-providers-http package, which mitigates the vulnerability by changing the serialization method.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2025-69219 vulnerability, you should upgrade the apache-airflow-providers-http package to version 6.0.0 or later.

This update replaces the unsafe pickle serialization used in HTTP triggers with a safer JSON serialization method, eliminating the risk of remote code execution via crafted database entries.

Additionally, since direct database access is uncommon and not recommended in Airflow deployments, limiting or restricting direct DB access further reduces risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69219. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart