PT-2025-15046 · Apache · Apache Airflow Common SQL Provider

Nxczje · Published 2025-04-04 · Updated 2025-11-12 · CVE-2025-30473

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Airflow Common SQL Provider versions prior to 1.24.1

Description: The issue is an SQL injection vulnerability in the Apache Airflow Common SQL Provider. It allows an authenticated UI user to inject arbitrary SQL commands when triggering a DAG, potentially escalating privileges to execute commands they would not normally be permitted to run.

Recommendations: For versions prior to 1.24.1, upgrade to version 1.24.1 to fix the issue. As a temporary workaround, restrict access to the SQLTableCheckOperator and limit users' exposure to its partition clause; avoid exposing the partition clause of SQLTableCheckOperator as a user-supplied parameter, to minimize the risk of exploitation.

Tags: Fix · RCE · SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-04085
CVE-2025-30473
GHSA-5R62-MJF5-XWHJ

Affected Products

Apache Airflow Common SQL Provider