CVE-2025-54415
- Source
- https://cve.org/CVERecord?id=CVE-2025-54415
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54415.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54415
- Aliases
-
- GHSA-g5hx-xv45-9whg
- Published
- 2025-07-26T03:33:39.933Z
- Modified
- 2026-04-10T05:30:38.154150Z
- Severity
-
- 9.1 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U CVSS Calculator
- Summary
- dag-factory's CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration
- Details
-
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when triggered by pullrequesttarget, is susceptible to exploitation, allowing an attacker to execute arbitrary code within the GitHub Actions runner environment. This misconfiguration enables an attacker to establish a reverse shell, exfiltrate sensitive secrets, including the highly-privileged GITHUB_TOKEN, and ultimately gain full control over the repository. This is fixed in version 0.23.0a9.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54415.json", "cwe_ids": [ "CWE-78" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54415.json
- https://github.com/astronomer/dag-factory/security/advisories/GHSA-g5hx-xv45-9whg
- https://nvd.nist.gov/vuln/detail/CVE-2025-54415
- https://github.com/astronomer/dag-factory/commit/751c0e58369e784f6a924347e381a705ea8133fe
- https://github.com/astronomer/dag-factory/pull/460
- https://github.com/astronomer/dag-factory/pull/466
Affected packages
Git / github.com/astronomer/dag-factory
Affected ranges
- Type
- GIT
- Repo
- https://github.com/astronomer/dag-factory
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.1
v0.10.0
v0.10.1
v0.11.0
v0.11.1
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.18.0
v0.18.1
v0.19.0
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.21.0
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.6.0
v0.7.0
v0.7.1
v0.7.2
v0.8.0
v0.9.0
v0.9.1