Apache Airflow: Connection sensitive details exposed to users with READ permissions
Description
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values.
In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could be viewed by users with READ permissions through both the API and the UI. This behavior also bypassed the AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS configuration option.
This issue does not affect Airflow 2.x, where exposing sensitive information to connection editors was the intended and documented behavior.
Users of Airflow 3.0.3 are advised to upgrade Airflow to >=3.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Airflow 3.0.3, users with READ permissions can view sensitive connection fields via the API and UI, violating the intended write-only model.
Vulnerability Overview
CVE-2025-54831 affects Apache Airflow 3.0.3. The intended design in Airflow 3 was to restrict access to sensitive connection fields to Connection Editing Users only, implementing a write-only model for sensitive values. However, in version 3.0.3, this model was unintentionally broken: sensitive connection information became readable by users with READ permissions through both the API and the UI [1][2].
Attack Vector and Prerequisites
An attacker with READ permissions on connections can exploit this vulnerability to view sensitive fields (e.g., passwords, tokens) that should have been hidden. The issue also bypasses the AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS configuration option, meaning even if that option was set, the sensitive data was still exposed [2][3]. No authentication bypass is required; the attacker simply needs an account with READ-level access to connections.
Impact
The vulnerability directly exposes sensitive credentials stored in Airflow connections. An attacker gaining access to these values could potentially pivot to other systems or services that those connections target, escalating the scope of compromise. This breaks the confidentiality guarantee that Airflow 3 intended to provide for connection secrets.
Mitigation and Status
Apache has released Airflow 3.0.4 which fixes the issue. Users running Airflow 3.0.3 are strongly advised to upgrade to 3.0.4 or later [2][3]. Airflow 2.x is not affected, as exposing sensitive information to connection editors was the documented behavior in that release line [2].
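To confirm that a deployment actually redacts connection secrets for READ-only callers (for example after upgrading to 3.0.4), the following audit helper is an added example, not code from this page or from the Apache Airflow project. It assumes the REST API's connection objects carry `password` and `extra` fields, that a correctly redacting server returns `None`, an empty string or `***` for them, and that the sensitive-key list below approximates the names Airflow's secrets masker treats as sensitive.

```python
import json

# Key names treated as sensitive inside a connection's "extra" JSON.
# Modelled on Airflow's secrets masker; the exact list is an assumption,
# extend it to match your deployment.
SENSITIVE_EXTRA_KEYS = {
    "access_token", "api_key", "apikey", "authorization", "passphrase",
    "passwd", "password", "private_key", "secret", "token", "keyfile_dict",
    "service_account",
}


def _masked(value):
    """True if the server returned no usable secret (assumed redaction markers)."""
    return value is None or value in ("", "***")


def exposed_sensitive_fields(conn):
    """Names of sensitive fields a read-only API response still carries in clear.

    `conn` is one connection object from the Airflow REST API; the field
    names `password` and `extra` are assumed to match that schema.
    """
    exposed = []
    if not _masked(conn.get("password")):
        exposed.append("password")
    extra = conn.get("extra")
    if isinstance(extra, str) and extra.strip():
        try:
            extra = json.loads(extra)
        except json.JSONDecodeError:
            # Unparseable extra may still hold secrets; report it rather than ignore it.
            return exposed + ["extra (unparseable, treat as exposed)"]
    if isinstance(extra, dict):
        for key, value in extra.items():
            if any(s in key.lower() for s in SENSITIVE_EXTRA_KEYS) and not _masked(value):
                exposed.append(f"extra.{key}")
    return exposed


def audit_connections(connections):
    """Map connection_id -> exposed fields for every connection that leaks something."""
    return {c["connection_id"]: f for c in connections if (f := exposed_sensitive_fields(c))}


# Constructed sample responses (not captured from a real system): what a
# 3.0.3-style leak looks like versus a redacting server.
LEAKY = [{"connection_id": "db_prod", "conn_type": "postgres", "login": "etl",
          "password": "hunter2", "extra": '{"sslmode": "require", "api_key": "k-123"}'}]
REDACTED = [{"connection_id": "db_prod", "conn_type": "postgres", "login": "etl",
             "password": "***", "extra": '{"sslmode": "require", "api_key": "***"}'}]

if __name__ == "__main__":
    print(audit_connections(LEAKY))     # {'db_prod': ['password', 'extra.api_key']}
    print(audit_connections(REDACTED))  # {}
```

Feed it the JSON list returned to a READ-only service account; a non-empty result after the upgrade means redaction is still not in effect for that caller.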
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-airflow (PyPI) | >= 3.0.3, < 3.0.4 | 3.0.4 |
Affected products
- Apache Software Foundation / Apache Airflow, range: 3.0.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-q475-2pgm-7hvp (GHSA, advisory)
- lists.apache.org/thread/vblmfqtydrp5zgn2q8tj3slk5podxspf (GHSA, vendor advisory, web)
- nvd.nist.gov/vuln/detail/CVE-2025-54831 (GHSA, advisory)
- www.openwall.com/lists/oss-security/2025/09/25/4 (GHSA, web)
News mentions
No linked articles in our index yet.