Apache · Apache Airflow Ftp Provider · CVE-2025-69219
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow Providers Http versions prior to 6.0.0
**Description**
A user with database access can create a malicious database entry that executes code on the Triggerer, granting them the same permissions as a Dag Author. Direct database access is not typical for Airflow, reducing the likelihood of exploitation. The issue involves unsafe pickle deserialization in the `HttpOperator`.
**Recommendations**
Upgrade to version 6.0.0 of the provider to address the issue.
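
The following is an added example, not code from the advisory or from the Airflow project. It shows one way to audit stored pickle blobs for the unsafe-deserialization pattern described above by reading their opcodes instead of loading them. It assumes candidate rows have already been exported as `(id, bytes)` pairs; `inspect_blob`, `audit` and the sample rows are hypothetical names and constructed data.

```python
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that make the unpickler import a name or call/construct an object.
IMPORT_OPS = {"GLOBAL", "STACK_GLOBAL", "INST"}
CALL_OPS = {"REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def inspect_blob(blob: bytes) -> dict:
    """Classify a stored pickle by reading its opcodes; never calls pickle.loads."""
    imports, calls, strings = [], set(), []
    try:
        for op, arg, _pos in pickletools.genops(blob):
            if isinstance(arg, str) and op.name not in IMPORT_OPS:
                strings.append(arg)
            if op.name in ("GLOBAL", "INST"):
                # pickletools reports these as "module name"
                imports.append(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":
                # Best effort: module and name are usually the last two strings pushed.
                imports.append(".".join(strings[-2:]) or "<unknown>")
            elif op.name in CALL_OPS:
                calls.add(op.name)
    except Exception as exc:  # truncated or non-pickle data
        return {"verdict": "unparseable", "imports": [], "calls": [], "error": str(exc)}
    verdict = "review" if imports or calls else "data-only"
    return {"verdict": verdict, "imports": imports, "calls": sorted(calls)}


# Constructed sample rows (id, blob); not taken from a real Airflow database.
SAMPLE_ROWS = [
    (1, pickle.dumps({"status": 200, "body": "ok"})),  # plain data
    (2, pickle.dumps(OrderedDict(a=1))),  # harmless, but needs an import and a call
    (3, b"\xff\x00"),  # not a pickle stream
]


def audit(rows):
    """Map each row id to its verdict so 'review' rows can be triaged by hand."""
    return {row_id: inspect_blob(blob)["verdict"] for row_id, blob in rows}


if __name__ == "__main__":
    for row_id, blob in SAMPLE_ROWS:
        print(row_id, inspect_blob(blob))
```

A `review` verdict only means the blob would import or call something when loaded; whether the imported name is expected still needs a human decision.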