Apache · Apache Airflow · CVE-2025-54550
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow (affected versions not specified)
**Description**
An example named 'example xcom' in the documentation implemented an unsafe pattern for reading values from XCom, the mechanism that allows tasks to exchange small amounts of data. A UI user with permission to modify XComs could use this pattern to execute arbitrary code on the worker.
**Recommendations**
Users who implemented the pattern found in the 'example xcom' example should adjust their implementations to match the improved version provided in the Airflow 3.2.0 documentation.