{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54550", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-07-24T21:10:16.628Z", "datePublished": "2026-04-15T00:22:03.305Z", "dateUpdated": "2026-04-15T03:03:33.178Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://pypi.python.org", "defaultStatus": "unaffected", "packageName": "apache-airflow", "product": "Apache Airflow", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Vincent55 Yang"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The example <code>example_xcom</code>&nbsp;that was included in airflow documentation implemented unsafe pattern of reading value<br>from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary<br>execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.</p><p>It does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however<br>users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of<br>the example with improved resiliance for that case.</p>Users who followed that pattern are advised to adjust their implementations accordingly.<br><br>"}], "value": "The example example_xcom\u00a0that was included in airflow documentation implemented unsafe pattern of reading value\nfrom xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary\nexecution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.\n\nIt does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however\nusers following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of\nthe example with improved resiliance for that case.\n\nUsers who followed that pattern are advised to adjust their implementations accordingly."}], "metrics": [{"other": {"content": {"text": "Low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-15T00:22:03.305Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1"}, {"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/63200"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Airflow: RCE by race condition in example_xcom dag", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/15/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-15T03:03:33.178Z"}}]}}

{}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.2.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache Airflow", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "airflow", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-15T02:21:28.301704+00:00", "value": {"mitigation_remediation": ["Identify and remove any DAGs that contain the example_xcom pattern, especially if deployed outside the documentation context.", "Replace the unsafe XCom retrieval logic in existing DAGs with the safe method demonstrated in the Airflow\u00a03.2.0 example, ensuring proper validation of the XCom payload.", "Disable the default example_dags directory or configure Airflow to exclude example DAGs from being scheduled in production environments.", "Review and restrict UI permissions so that only necessary personnel can write to XComs, reducing the likelihood of malicious payload injection."], "summary": {"action": "Assess Impact", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Apache Software Foundation\u2019s Airflow is the affected product. The issue appears only in DAGs that copy the example_xcom logic from the official documentation; it is not present in core Airflow releases. Users who have included the example DAG or otherwise implemented the same unsafe XCom access pattern could be affected. The Airflow 3.2.0 documentation has been updated with a safer version of the example, so upgrading to that or newer reduces the risk.", "description_and_impact": "The vulnerability arises from an unsafe pattern used in the example_xcom DAG for reading XCom values, which can be exploited when a UI user with XCom modification rights triggers a race condition that leads to arbitrary code execution on an Airflow worker. The flaw allows the user to inject and execute arbitrary Python code, resulting in a remote code execution condition. Because the attack requires a trusted UI account and the example DAGs are not intended for production use, the severity is considered low, but any system that adopts the same pattern is at risk.", "risk_and_exploitability": "Exploitation requires a user who already has the ability to write to XComs through the Airflow UI, a privilege normally held by highly trusted individuals or processes. Because the CVSS score and EPSS are not published and the vulnerability is not listed in CISA\u2019s KEV catalog, the overall exposure is low. An attacker would still need to insert malicious payload into an XCom and trigger the race condition to cause the worker to evaluate the payload, which is unlikely without the prerequisite UI access. Consequently, the risk is confined to environments where the example DAG is deployed or mirrored in production, and the exploitability is limited."}}}}, "created": "2026-04-15T13:48:23.608311+00:00", "updated": "2026-04-15T13:49:14.872409+00:00", "vendors": ["apache", "apache$PRODUCT$airflow"]}