CVE-2025-50213

CRITICAL LAB

Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection

Title source: llm

Description

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-50213

View Code ZIP pw:eip

References (2)

[Issue Tracking, Patch] https://github.com/apache/airflow/pull/51734

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

Scores

CVSS v3 9.8

EPSS 0.0049

EPSS Percentile 65.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

EIP LAB

Docker Lab

patched docker pull ghcr.io/exploitintel/cve-2025-50213-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-50213-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-75

Status published

Products (2)

apache/apache-airflow-providers-snowflake < 6.4.0

pypi/apache-airflow-providers-snowflake 0 - 6.4.0PyPI

Published Jun 24, 2025

Tracked Since Feb 18, 2026