PT-2025-39520 · Apache · Apache Airflow

Published: 2025-09-25 · Updated: 2025-10-06 · CVE-2025-54831

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 3.0.0 through 3.0.3

Description: A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3 this model was unintentionally bypassed, allowing users with READ permissions to view sensitive connection details through the API and the UI. This behavior also disregarded the AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS configuration option. The issue does not affect Airflow 2.x. The sensitive information exposed includes connection passwords.

Recommendations: Upgrade Apache Airflow to version 3.0.4 or later.
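As a defender's check for the behaviour described above (added here; not part of the advisory or of the Airflow project's own code): a Python audit helper that flags an Airflow version inside the affected range and scans a connections listing, as returned to a read-only user, for populated password fields. The listing shape and the `connection_id`/`password` keys are assumptions about the Airflow 3 REST API response, and the sample body is constructed.

```python
"""Audit helper for CVE-2025-54831 (Apache Airflow 3.0.0 through 3.0.3)."""
import json
import re

AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 0, 3)  # fixed in 3.0.4, per the advisory
SENSITIVE_KEYS = ("password",)  # the field the advisory names as exposed

def is_affected_version(version: str) -> bool:
    """True when `version` falls in 3.0.0..3.0.3 (pre-release suffixes ignored)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Airflow version string: {version!r}")
    return AFFECTED_MIN <= tuple(int(x) for x in m.groups()) <= AFFECTED_MAX

def connections_exposing_secrets(listing: dict) -> list:
    """Return connection ids whose API representation carries a non-empty password.

    `listing` is a connections-collection JSON body; the shape assumed here is
    {"connections": [{"connection_id": ..., "password": ...}, ...]}, and the
    body is expected to come from a request made with a read-only user's token.
    """
    return [
        conn.get("connection_id", "<unknown>")
        for conn in listing.get("connections", [])
        if any(conn.get(key) for key in SENSITIVE_KEYS)
    ]

# Constructed sample body, not captured from a real deployment: the first entry
# mimics the 3.0.3 behaviour of returning the password to a read-only caller.
SAMPLE_LISTING = {
    "connections": [
        {"connection_id": "postgres_default", "conn_type": "postgres",
         "host": "db.internal", "login": "airflow", "password": "s3cret"},
        {"connection_id": "http_default", "conn_type": "http",
         "host": "api.internal", "login": None, "password": None},
    ],
    "total_entries": 2,
}

def audit(version: str, listing: dict) -> dict:
    """Combine the version check and the listing check into one finding."""
    return {
        "version_in_affected_range": is_affected_version(version),
        "connections_exposing_password": connections_exposing_secrets(listing),
    }

if __name__ == "__main__":
    print(json.dumps(audit("3.0.3", SAMPLE_LISTING), indent=2))
```

Any connection id reported by `connections_exposing_secrets` for a read-only caller means the write-only model is not being enforced, whatever the version string says.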

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-12604
BIT-AIRFLOW-2025-54831
CVE-2025-54831
GHSA-Q475-2PGM-7HVP
PYSEC-2025-85

Affected Products

Apache Airflow