{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:06:21.583","vulnerabilities":[{"cve":{"id":"CVE-2025-69219","sourceIdentifier":"security@apache.org","published":"2026-03-09T11:16:05.907","lastModified":"2026-03-10T18:58:35.607","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low.\n\nYou should upgrade to version 6.0.0 of the provider to avoid even that risk."},{"lang":"es","value":"Un usuario con acceso a la base de datos podría crear una entrada en la base de datos que resultaría en la ejecución de código en Triggerer, lo que otorga a cualquiera que tenga acceso a la base de datos los mismos permisos que a Dag Author. Dado que el acceso directo a la base de datos no es habitual ni recomendado para Airflow, la probabilidad de que cause algún daño es baja.\n\nDebería actualizar a la versión 6.0.0 del proveedor para evitar incluso ese riesgo."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-913"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow_providers_http:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"6.0.0","matchCriteriaId":"B59A3356-B515-48EC-A6ED-060EC1F4A025"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/61662","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0","source":"security@apache.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/09/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}