VYPR
Moderate severityOSV Advisory· Published Dec 15, 2025· Updated Dec 16, 2025

Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI

CVE-2025-66388

Description

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.

Users are recommended to upgrade to version 3.1.4, which fixes this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-airflowPyPI
>= 3.1.0, < 3.1.53.1.5

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.