CVE-2025-62503

MEDIUM

Unknown - Privilege Escalation

Title source: llm

Description

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.

References (2)

Scores

CVSS v3 4.6
EPSS 0.0015
EPSS Percentile 34.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Classification

CWE
CWE-250
Status published

Affected Products (2)

apache/airflow < 3.1.1
pypi/apache-airflow < 3.1.1PyPI

Timeline

Published Oct 30, 2025
Tracked Since Feb 18, 2026