VYPR
Moderate severity · NVD Advisory · Published Oct 30, 2025 · Updated Feb 26, 2026

Apache Airflow: Command injection in "example_dag_decorator"

CVE-2025-54941

Description

An example dag example_dag_decorator had a non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on the worker. This however required that the example dags are enabled in production (not default) or the example dag code was copied to build your own similar dag. If you used the example_dag_decorator please review it and apply the changes implemented in Airflow 3.0.5 accordingly.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The example_dag_decorator DAG in Apache Airflow had an unvalidated parameter that could allow command injection by redirecting the example to a malicious server; exploitation requires example DAGs to be enabled in production (or the example code to have been copied into a custom DAG).

Vulnerability

Description

CVE-2025-54941 describes a command injection vulnerability in the Apache Airflow example DAG example_dag_decorator. The DAG included a non-validated parameter that could be manipulated by a UI user to redirect the example to a malicious server, leading to arbitrary code execution on the Airflow worker. This vulnerability only exists in environments where example DAGs are explicitly enabled in production (which is not the default configuration) or where the example DAG code was copied and used as a template for custom DAGs [1][2][3].

Exploitation

Details

An attacker must have UI access to the Airflow instance and the ability to trigger the example DAG. The attack involves providing a malicious server URL through the unvalidated parameter. When the DAG executes, it connects to the attacker-controlled server, which can then deliver payloads that execute arbitrary code on the worker node. Successful exploitation requires that the victim's Airflow deployment has example DAGs enabled or has incorporated the vulnerable pattern from example_dag_decorator into their own DAGs [2][3].

Impact

If exploited, an attacker could achieve remote code execution on the Airflow worker, potentially compromising the entire Airflow environment, including access to sensitive data, credentials, and the ability to disrupt or manipulate workflows. The severity is rated low by the Apache project due to the prerequisite conditions required for exploitation [3].

Mitigation

Apache has addressed this vulnerability in Airflow version 3.0.5. Users are strongly advised to upgrade to this version or later. If upgrading is not immediately possible, users should review any DAGs derived from example_dag_decorator and apply the parameter validation changes introduced in the patch. Users who have not enabled example DAGs in production or copied the vulnerable code are not affected [2][3].
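The mitigation above comes down to one habit: never let a value that a UI user can set on a DAG run reach a worker command unchecked. The following is an added example (not Airflow's own code and not the CVE-2025-54941 patch) of the kind of parameter validation a DAG author can apply when reviewing a DAG derived from the example. It assumes the deployment knows which hosts a fetch task may contact (a constructed allowlist) and that the task hands the URL to a fetcher such as curl as a single argv element, never through a shell string. It is plain Python so it runs without Airflow installed; the comment at the end shows where it would sit inside a decorated task.

```python
"""Added example: validate a user-supplied URL parameter before a task uses it.

Not Apache Airflow's own code and not the actual patch; it illustrates the
defensive pattern (allowlist the destination, reject rather than sanitize,
and keep the value out of any shell) that a hardened DAG should follow.
"""
from urllib.parse import urlsplit

# Assumption (constructed for this example): the deployment decides which
# hosts a fetch task may contact. A real DAG would source this from config.
ALLOWED_HOSTS = frozenset({"example.com", "downloads.example.com"})
ALLOWED_SCHEMES = frozenset({"https"})

# Characters that have meaning to a POSIX shell. Legitimate download URLs
# for this task never need them, so their presence is treated as hostile.
SHELL_META = set(";&|`$<>\"'\\()")


class InvalidParameter(ValueError):
    """Raised when a DAG parameter fails validation; the task should fail fast."""


def validate_url(raw: str) -> str:
    """Return the URL unchanged only if scheme and host are on the allowlist.

    Anything else is rejected outright: wrong scheme, unknown host, userinfo
    tricks such as https://trusted@evil/, embedded whitespace, or shell
    metacharacters. Rejecting is safer than trying to rewrite the value.
    """
    if not isinstance(raw, str) or not raw or len(raw) > 2048:
        raise InvalidParameter("url must be a non-empty string of at most 2048 chars")
    if any(ch.isspace() for ch in raw):
        raise InvalidParameter("url contains whitespace")
    if any(ch in SHELL_META for ch in raw):
        raise InvalidParameter("url contains shell metacharacters")
    parts = urlsplit(raw)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise InvalidParameter(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise InvalidParameter("credentials embedded in the URL are not allowed")
    if parts.hostname not in ALLOWED_HOSTS:
        raise InvalidParameter(f"host {parts.hostname!r} is not on the allowlist")
    return raw


def rejects(raw: str) -> bool:
    """Convenience for tests and review: True if validate_url refuses the value."""
    try:
        validate_url(raw)
    except InvalidParameter:
        return True
    return False


def build_fetch_command(url: str) -> list[str]:
    """Build the argv list for the fetch.

    The URL is one argv element, so even if validation were loosened later,
    no shell would ever interpret it. Redirects are deliberately not followed,
    otherwise an allowlisted host could bounce the task to an unlisted one.
    """
    checked = validate_url(url)
    return ["curl", "--fail", "--silent", "--show-error",
            "--max-redirs", "0", "--output", "payload.bin", checked]


# Inside a DAG built with the task decorator the same check runs in the task
# body (assumed shape, shown as a comment so this file runs without Airflow):
#
#   @task
#   def fetch(url: str) -> list[str]:
#       return build_fetch_command(url)   # raises before anything executes
#
if __name__ == "__main__":
    print(build_fetch_command("https://downloads.example.com/report.csv"))
    for bad in ("http://example.com/", "https://evil.example.net/",
                "https://user@example.com/", "https://example.com/$(id)"):
        print(bad, "->", "rejected" if rejects(bad) else "accepted")
```

The ordering matters: the cheap syntactic checks (length, whitespace, metacharacters) run before parsing, and the parsed host is compared against an allowlist rather than a denylist, so a new attacker-controlled hostname is rejected by default. Whatever parameter the copied DAG exposes, the same shape applies: validate in the task body, fail the run on any deviation, and pass the checked value as data rather than as part of a command string.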

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                 Affected versions     Patched versions
apache-airflow (PyPI)   >= 3.0.0, < 3.0.5     3.0.5

Affected products (1)

  • Apache Software Foundation / Apache Airflow v5
    Range: 3.0.0

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (4)

News mentions (0)

No linked articles in our index yet.