CVE-2025-69219

HIGH

apache-airflow-providers-http < 6.0.0 - Authenticated Remote Code Execution via Crafted Database Entry

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-69219. PoCs published by sak110, ahmetartuc.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2025-69219, demonstrating RCE via unsafe pickle deserialization in Apache Airflow Providers HTTP. The PoC includes detailed technical analysis, root cause, patch diffs, and a working exploit script.

Description

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.

Exploits (2)

nomisec WORKING POC

by sak110 · poc

https://github.com/sak110/CVE-2025-69219

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2025-69219, demonstrating RCE via unsafe pickle deserialization in Apache Airflow Providers HTTP. The PoC includes detailed technical analysis, root cause, patch diffs, and a working exploit script.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: apache-airflow-providers-http >= 5.1.0, < 6.0.0

Auth required

Prerequisites: Direct Airflow DB write access · Vulnerable version of apache-airflow-providers-http

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 11, 2026 Full analysis →

nomisec WORKING POC

by ahmetartuc · poc

https://github.com/ahmetartuc/poc-cve-2025-69219

View Code ZIP pw:eip

This PoC demonstrates an unsafe deserialization vulnerability in Apache Airflow, where a crafted pickle payload is executed via the HttpOperator's execute_complete method, leading to remote code execution (RCE). The exploit leverages Python's pickle deserialization to trigger arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Apache Airflow (version not specified)

Auth required

Prerequisites: Access to Airflow DAGs directory · Ability to trigger workflows via the UI

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 10, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/09/1

Issue Tracking patch

https://github.com/apache/airflow/pull/61662

Mailing List vendor-advisory

https://lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0

Scores

CVSS v3 8.8

EPSS 0.0002

EPSS Percentile 4.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-913

Status published

Products (2)

apache/airflow_providers_http 5.1.0 - 6.0.0

pypi/apache-airflow-providers-http 0 - 6.0.0PyPI

Published Mar 09, 2026

Tracked Since Mar 09, 2026