CVE-2025-50213

CRITICAL LAB

Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50213. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains functional exploit code demonstrating SQL injection in Apache Airflow Providers Snowflake via the CopyFromExternalStageToSnowflakeOperator. It includes multiple PoC scripts that confirm the vulnerability and bypass incomplete fixes in version 6.4.0.

Description

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-50213

View Code ZIP pw:eip

This repository contains functional exploit code demonstrating SQL injection in Apache Airflow Providers Snowflake via the CopyFromExternalStageToSnowflakeOperator. It includes multiple PoC scripts that confirm the vulnerability and bypass incomplete fixes in version 6.4.0.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Apache Airflow Providers Snowflake < 6.4.0

No auth needed

Prerequisites: Apache Airflow Providers Snowflake 6.3.1 or 6.4.0 · Docker environment for lab setup

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Mar 04, 2026 Full analysis →

References (2)

Core 2

Core References

Issue Tracking, Patch patch

https://github.com/apache/airflow/pull/51734

Mailing List, Vendor Advisory vendor-advisory

https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

Scores

CVSS v3 9.8

EPSS 0.0049

EPSS Percentile 66.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Lab Environment

EIP LAB

Docker Lab

patched docker pull ghcr.io/exploitintel/cve-2025-50213-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-50213-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-75

Status published

Products (2)

apache/apache-airflow-providers-snowflake < 6.4.0

pypi/apache-airflow-providers-snowflake 0 - 6.4.0PyPI

Published Jun 24, 2025

Tracked Since Feb 18, 2026