CVE-2025-27018 (GCVE-0-2025-27018)
Vulnerability from cvelistv5
Published
2025-03-19 09:06
Modified
2025-03-25 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider.
When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended.
It could lead to data corruption, modification and others.
This issue affects Apache Airflow MySQL Provider: before 6.2.0.
Users are recommended to upgrade to version 6.2.0, which fixes the issue.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow MySQL Provider |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-19T19:02:38.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/19/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T17:45:14.899182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T17:45:20.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/apache-airflow-providers-mysql/",
"defaultStatus": "unaffected",
"packageName": "apache-airflow-providers-mysql",
"product": "Apache Airflow MySQL Provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "6.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vincent55 (DEVCORE Internship Program)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Apache Airflow MySQL Provider.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended.\u003cbr\u003eIt could lead to data corruption, modification and others.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Airflow MySQL Provider: before 6.2.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.2.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Apache Airflow MySQL Provider.\n\nWhen user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended.\nIt could lead to data corruption, modification and others.\nThis issue affects Apache Airflow MySQL Provider: before 6.2.0.\n\nUsers are recommended to upgrade to version 6.2.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T09:06:07.220Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/47254"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/47255"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/m8ohgkwz4mq9njohf66sjwqjdy28gvzf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow MySQL Provider: SQL injection in MySQL provider core function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-27018",
"datePublished": "2025-03-19T09:06:07.220Z",
"dateReserved": "2025-02-17T19:29:12.155Z",
"dateUpdated": "2025-03-25T17:45:20.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27018\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-03-19T09:15:14.457\",\"lastModified\":\"2025-06-03T21:11:28.860\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Apache Airflow MySQL Provider.\\n\\nWhen user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended.\\nIt could lead to data corruption, modification and others.\\nThis issue affects Apache Airflow MySQL Provider: before 6.2.0.\\n\\nUsers are recommended to upgrade to version 6.2.0, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una instrucci\u00f3n SQL (\u0027Inyecci\u00f3n SQL\u0027) en Apache Airflow MySQL Provider. Al activar un DAG con las funciones dump_sql o load_sql, el usuario pod\u00eda pasar un par\u00e1metro de tabla desde una interfaz de usuario, lo que pod\u00eda causar una inyecci\u00f3n SQL al ejecutar SQL no previsto. Esto pod\u00eda provocar corrupci\u00f3n y modificaci\u00f3n de datos, entre otros problemas. Este problema afecta a Apache Airflow MySQL Provider anterior a la versi\u00f3n 6.2.0. Se recomienda actualizar a la versi\u00f3n 6.2.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apache-airflow-providers-mysql:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.0\",\"matchCriteriaId\":\"783CBDA8-BF8D-48C7-A980-C0E0BD9234E8\"}]}]}],\"references\":[{\"url\":\"https://github.com/apache/airflow/pull/47254\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/airflow/pull/47255\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://lists.apache.org/thread/m8ohgkwz4mq9njohf66sjwqjdy28gvzf\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/03/19/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/03/19/4\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-19T19:02:38.085Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-25T17:45:14.899182Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-25T17:45:06.240Z\"}}], \"cna\": {\"title\": \"Apache Airflow MySQL Provider: SQL injection in MySQL provider core function\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Vincent55 (DEVCORE Internship Program)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Airflow MySQL Provider\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"6.2.0\", \"versionType\": \"semver\"}], \"packageName\": \"apache-airflow-providers-mysql\", \"collectionURL\": \"https://pypi.org/project/apache-airflow-providers-mysql/\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/47254\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/apache/airflow/pull/47255\", \"tags\": [\"patch\"]}, {\"url\": \"https://lists.apache.org/thread/m8ohgkwz4mq9njohf66sjwqjdy28gvzf\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Apache Airflow MySQL Provider.\\n\\nWhen user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended.\\nIt could lead to data corruption, modification and others.\\nThis issue affects Apache Airflow MySQL Provider: before 6.2.0.\\n\\nUsers are recommended to upgrade to version 6.2.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Apache Airflow MySQL Provider.\u003c/p\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWhen user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended.\u003cbr\u003eIt could lead to data corruption, modification and others.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Airflow MySQL Provider: before 6.2.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 6.2.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-03-19T09:06:07.220Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27018\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-25T17:45:20.580Z\", \"dateReserved\": \"2025-02-17T19:29:12.155Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-03-19T09:06:07.220Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…