Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-27555
Analyzed
More InfoOfficial Page
Source-security@apache.org
View Known Exploited Vulnerability (KEV) details
Published At-24 Feb, 2026 | 10:16
Updated At-24 Feb, 2026 | 21:04

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
The Apache Software Foundation
apache
>>airflow>>Versions before 2.11.1(exclusive)
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-201Secondarysecurity@apache.org
CWE-532Primarynvd@nist.gov
CWE ID: CWE-201
Type: Secondary
Source: security@apache.org
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/apache/airflow/pull/61882security@apache.org
Issue Tracking
https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkwsecurity@apache.org
Mailing List
Vendor Advisory
Hyperlink: https://github.com/apache/airflow/pull/61882
Source: security@apache.org
Resource:
Issue Tracking
Hyperlink: https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw
Source: security@apache.org
Resource:
Mailing List
Vendor Advisory
Change History
0Changes found
Details not found