CVE-2025-54415

Name of the Vulnerable Software and Affected Versions dag-factory versions 0.23.0a8 and below

Description dag-factory is a library for Apache Airflow® used to construct DAGs declaratively via configuration files. A high-severity issue exists in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. When triggered by pull request target, the workflow is susceptible to exploitation, allowing an attacker to execute arbitrary code within the GitHub Actions runner environment. This misconfiguration enables an attacker to establish a reverse shell, exfiltrate sensitive secrets, including the GITHUB TOKEN, and gain full control over the repository.

Recommendations Update to version 0.23.0a9 or later.