PT-2025-32376 · Unknown · Openmetadata
Javadk · Published 2025-08-08 · Updated 2025-08-13 · CVE-2025-50465
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenMetadata versions prior to 1.4.5
Description
OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the listCount function within the TestDefinitionDAO interface. The testPlatform parameter is used to construct a SQL query, enabling the injection.
Recommendations
Update to OpenMetadata version 1.4.5 or later.
As a temporary workaround, restrict access to the TestDefinitionDAO interface.
Avoid using the testPlatform parameter in the affected function until the issue is resolved.
Fix
SQL injection
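The weakness class described above, a filter parameter concatenated into a count query, shown beside the bound-parameter form. This is an added example, not OpenMetadata's code: it uses Python's sqlite3 so it runs stand-alone, and the table, columns, function names, platform values and probe string are all constructed for illustration.

```python
import sqlite3

# Constructed sample values standing in for the accepted platform names.
ALLOWED_PLATFORMS = {"OpenMetadata", "GreatExpectations", "dbt"}
# Constructed regression probe: closes the string literal and adds a condition.
PROBE = "none' OR '1'='1"


def make_db():
    """Build an in-memory table with three constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_definition (name TEXT, test_platform TEXT)")
    db.executemany(
        "INSERT INTO test_definition VALUES (?, ?)",
        [("rowCountCheck", "OpenMetadata"),
         ("columnExists", "GreatExpectations"),
         ("notNull", "dbt")],
    )
    return db


def list_count_concatenated(db, test_platform):
    """Vulnerable pattern: the parameter becomes part of the SQL text."""
    sql = ("SELECT count(*) FROM test_definition "
           "WHERE test_platform = '" + test_platform + "'")
    return db.execute(sql).fetchone()[0]


def list_count_bound(db, test_platform):
    """Hardened pattern: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT count(*) FROM test_definition WHERE test_platform = ?"
    return db.execute(sql, (test_platform,)).fetchone()[0]


def list_count_checked(db, test_platform):
    """Defense in depth: reject values outside the allowlist, then bind."""
    if test_platform not in ALLOWED_PLATFORMS:
        raise ValueError("unsupported testPlatform value")
    return list_count_bound(db, test_platform)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", list_count_concatenated(db, PROBE))
    print("bound:", list_count_bound(db, PROBE))
```

A probe like this makes a useful regression test after upgrading: the count returned for it should match the count for a value that simply does not exist.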
Weakness Enumeration
Related Identifiers
Affected Products
Openmetadata