CVE-2025-54550
Published: 15 April 2026
Summary
CVE-2025-54550 is a high-severity Code Injection (CWE-94) vulnerability in Apache Airflow. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-8 (Security and Privacy Engineering Principles) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly prevents code injection by requiring validation and error handling of untrusted XCom values read in Airflow DAG tasks before execution.
- Incorporates security engineering principles such as input validation and secure deserialization to avoid unsafe XCom reading patterns in custom DAG implementations.
- Ensures identification, reporting, and correction of the code injection flaw in user implementations that replicate the vulnerable example DAG.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CWE-94 code injection in Airflow XCom handling directly enables arbitrary Python code execution on workers (T1059.006) through XCom values modified in the UI, and exploitation of the exposed application interface (T1190).
NVD Description
The example example_xcom that was included in Airflow documentation implemented an unsafe pattern of reading a value from XCom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability. It does not affect Airflow releases - example_dags are not supposed to be enabled in production environments, however users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains a version of the example with improved resilience for that case. Users who followed that pattern are advised to adjust their implementations accordingly.
Deeper analysis
CVE-2025-54550 affects the example_xcom DAG included in the Apache Airflow documentation, which implements an unsafe pattern for reading values from XCom. This flaw could enable a UI user with access to modify XComs to execute arbitrary code on the Airflow worker. The vulnerability does not impact Airflow releases themselves, as example DAGs are not intended for production environments, but it may affect users who replicated this pattern in their own implementations. It is classified under CWE-94 (Code Injection) with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and was published on 2026-04-15.
A UI user with low privileges (PR:L) and network access can exploit the vulnerability with low attack complexity. Exploitation allows arbitrary code execution on the worker, resulting in high impacts to confidentiality and integrity but no availability disruption. The low privileges required align with the trust model for Airflow UI users, contributing to its low severity rating despite the elevated CVSS score.
Advisories recommend that users who followed the unsafe XCom reading pattern adjust their implementations for resilience. Airflow 3.2.0 documentation includes an improved version of the example_xcom DAG addressing this issue. Key references include the Apache Airflow GitHub pull request at https://github.com/apache/airflow/pull/63200, the Apache mailing list thread at https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1, and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2026/04/15/1.
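The validation control described under the mitigating controls above (validate and error-handle untrusted XCom values before a task acts on them), shown as an added example that is not code from Airflow, the example_xcom DAG, or the advisory. The XCom store, task ids, keys and sample values are constructed; the consumer passes validated values as an argv list rather than interpolating them into a command string.

```python
import re
from typing import Any, Callable

# Constructed stand-in for values a task would receive from ti.xcom_pull().
# In Airflow these live in the metadata DB and can be edited by any UI user
# permitted to modify XComs, so a task must treat them as untrusted input.
XCOM_STORE = {
    ("push_task", "report_id"): "daily-2026-04-15",
    ("push_task", "row_limit"): 500,
    ("push_task", "tampered"): "daily 2026/04/15 (draft)",  # not an identifier
}

IDENT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class UntrustedXComError(ValueError):
    """Raised when an XCom value fails validation; the task fails closed."""


def validated_identifier(value: Any) -> str:
    """Accept only a short string drawn from an explicit character allowlist."""
    if not isinstance(value, str) or not IDENT_RE.fullmatch(value):
        raise UntrustedXComError(f"XCom value is not a plain identifier: {value!r}")
    return value


def validated_int(value: Any, lo: int, hi: int) -> int:
    """Accept only a real int (bool is an int subclass) inside [lo, hi]."""
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise UntrustedXComError(f"XCom value out of range or wrong type: {value!r}")
    return value


def pull_validated(store: dict, task_id: str, key: str, validator: Callable[[Any], Any]) -> Any:
    """Hypothetical wrapper around xcom_pull: missing or invalid values are errors, never defaults."""
    if (task_id, key) not in store:
        raise UntrustedXComError(f"missing XCom {task_id}/{key}")
    return validator(store[(task_id, key)])


def is_rejected(store: dict, task_id: str, key: str, validator: Callable[[Any], Any]) -> bool:
    """True if the value fails validation; used to show the fail-closed behaviour."""
    try:
        pull_validated(store, task_id, key, validator)
    except UntrustedXComError:
        return True
    return False


def build_export_command(store: dict) -> list[str]:
    """Consumer task: build argv from validated XComs, with no shell and no string interpolation."""
    report_id = pull_validated(store, "push_task", "report_id", validated_identifier)
    row_limit = pull_validated(store, "push_task", "row_limit", lambda v: validated_int(v, 1, 10_000))
    return ["export_report", "--id", report_id, "--limit", str(row_limit)]
```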
Details
- CWE(s)