CVE-2025-27018

Name of the Vulnerable Software and Affected Versions Apache Airflow MySQL Provider versions prior to 6.2.0

Description The issue is related to an SQL Injection vulnerability. When a user triggers a DAG with dump sql or load sql functions, they can pass a table parameter from the UI, which could cause SQL injection by running unintended SQL. This could lead to data corruption and modification.

Recommendations For versions prior to 6.2.0, upgrade to version 6.2.0 to fix the issue. As a temporary workaround, consider restricting the use of the dump sql and load sql functions until the upgrade is applied.