CVE-2025-5874

Name of the Vulnerable Software and Affected Versions Redash versions up to 10.1.0/25.1.0

Description A critical issue affects the run query function of the /query runner/python.py file in the getattr Handler component, leading to a sandbox issue. The exploit has been disclosed publicly and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations For Redash versions up to 10.1.0/25.1.0, as a temporary workaround, consider disabling the run query function until a patch is available. Restrict access to the /query runner/python.py file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.