CVE-2025-50213

CRITICAL

Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection

Title source: llm

Description

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-50213

View Code ZIP pw:eip

References (2)

[Issue Tracking, Patch] https://github.com/apache/airflow/pull/51734

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

Scores

CVSS v3 9.8

EPSS 0.0013

EPSS Percentile 32.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-75

Status published

Affected Products (2)

apache/apache-airflow-providers-snowflake < 6.4.0

pypi/apache-airflow-providers-snowflake < 6.4.0PyPI

Timeline

Published Jun 24, 2025

Tracked Since Feb 18, 2026