CVE-2025-66388

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-66388

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66388.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-66388

Aliases

Downstream

MINI-vxhx-rmxh-q79x

Published

2025-12-15T12:15:40.573Z

Modified

2026-03-14T12:44:46.740043Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.

Users are recommended to upgrade to version 3.1.4, which fixes this issue.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type

GIT

Repo

https://github.com/apache/airflow

Events

Introduced

8cdef3e855527b8a431666b0ce9f3ffd43d14955

Fixed

b113006af61b53feb86c6d328cf0f7fd7283d6df

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.4"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66388.json"