CNNVD-202510-4240 Information

CNNVD ID

CNNVD-202510-4240

CVE-2025-62503

  • CNNVD Published: 2025-10-30

Description

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform has features such as extensibility and dynamic monitoring. Apache Airflow contains a security vulnerability: a user with CREATE permission but without UPDATE permission can update existing records through the overwrite action of the bulk create API, which may lead to privilege escalation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Apache

Published

2025-10-30

Last Modified

2026-02-24

References

https://lists.apache.org/thread/3v58249qscyn1hg240gh8hqg9pb4okcr
http://www.openwall.com/lists/oss-security/2025/10/29/8

Patch

https://lists.apache.org/thread/3v58249qscyn1hg240gh8hqg9pb4okcr
