CVE-2025-5874

MEDIUM

Redash <10.1.0/25.1.0 - Sandbox Issue

Title source: llm

Description

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he Python data source is disabled by default and is clearly marked in our documentation as discouraged due to its security implications. Users who choose to enable it are doing so at their own risk, with full awareness that it bypasses standard safeguards."

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.311633

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.311633

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.580255

Various Sources related

https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894

Various Sources exploit

https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894#proof-of-concept

Scores

CVSS v3 4.6

EPSS 0.0008

EPSS Percentile 23.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-264 CWE-265

Status published

Products (4)

n/a/Redash 10.0

n/a/Redash 10.1.0

n/a/Redash 25.0

n/a/Redash 25.1.0

Published Jun 09, 2025

Tracked Since Feb 18, 2026