PT-2026-21640 · Apache · Airflow
Sw0Rd1Ight · Published 2026-02-23 · Updated 2026-03-11 · CVE-2025-27555
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Airflow versions prior to 2.11.1

Description: The software contains a flaw that lets authenticated users with audit log access view sensitive values in audit logs that they are not authorized to see. Specifically, when sensitive connection parameters were set through the Airflow command-line interface (CLI), their values were written to the audit log and stored unencrypted in the Airflow database. The risk is confined to users with audit log access. The issue is that connection secrets are not masked in the user interface when connections are added via the CLI.

Recommendations: Upgrade to Airflow version 2.11.1 or later. Users who previously set connections through the CLI should also manually delete entries containing sensitive connection values from the log table.
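The clean-up recommended above has to find the affected rows before anything is deleted. The following script is an added example written for this advisory; it is not code from the advisory or from Apache Airflow. It scans audit-log rows for CLI connection commands whose recorded arguments carry credentials, returns the row ids an operator would remove, and shows what a redacted copy of the row would look like. Everything schema-related is an assumption and must be checked against your own Airflow version before running against a live metadata database: the table name `log`, the `event` and JSON `extra` columns, the event names `cli_connections_add` and `cli_connections_import`, and the `full_command`, `conn_password`, `conn_uri` and `conn_extra` keys. The sample rows are constructed for the example.

```python
"""Locate audit-log rows that may hold connection secrets (CVE-2025-27555 clean-up).

Added example, not part of the advisory or of Apache Airflow.
ASSUMPTIONS (verify against your Airflow schema): the audit log is the ``log``
table with an ``event`` column and a JSON ``extra`` column; CLI connection
commands are recorded as ``cli_connections_add`` / ``cli_connections_import``;
the command line appears under ``full_command`` or as ``conn_*`` keys.
"""
import json
import re
from dataclasses import dataclass

# Assumed event names written by the CLI's action logging.
CLI_CONNECTION_EVENTS = {"cli_connections_add", "cli_connections_import"}
# Assumed payload keys and CLI flags that can carry a credential.
SECRET_KEYS = {"conn_password", "conn_uri", "conn_extra"}
SECRET_FLAGS = ("--conn-password", "--conn-uri", "--conn-extra")
# scheme://user:PASSWORD@host  ->  keep group 1 (through the colon), mask the password
_URI_CRED_RE = re.compile(r"([a-z][a-z0-9+.\-]*://[^:/@\s]*:)[^@\s]*@", re.I)
# --conn-password VALUE / --conn-extra=VALUE  ->  mask VALUE
_FLAG_RE = re.compile(r"(--conn-(?:password|extra))(=|\s+)(\S+)")


@dataclass
class LogRow:
    id: int
    event: str
    extra: str  # JSON text as stored in the assumed ``extra`` column


def _payload(row):
    """Parse the JSON payload; anything unparsable is treated as having no secret."""
    try:
        obj = json.loads(row.extra)
    except (TypeError, ValueError):
        return None
    return obj if isinstance(obj, dict) else None


def row_has_secret(row):
    """True if this CLI connection event recorded a credential-bearing argument."""
    if row.event not in CLI_CONNECTION_EVENTS:
        return False
    payload = _payload(row)
    if payload is None:
        return False
    if any(payload.get(k) for k in SECRET_KEYS):
        return True
    cmd = str(payload.get("full_command", ""))
    return any(flag in cmd for flag in SECRET_FLAGS) or bool(_URI_CRED_RE.search(cmd))


def find_secret_rows(rows):
    """Return the ids of rows that should be removed from the log table."""
    return [row.id for row in rows if row_has_secret(row)]


def redact_extra(extra):
    """Return a masked copy of ``extra``: secret keys become '***', URI passwords and
    flag values are masked while host names and the command shape are kept."""
    payload = json.loads(extra)
    for key in SECRET_KEYS:
        if payload.get(key):
            payload[key] = "***"
    if "full_command" in payload:
        cmd = str(payload["full_command"])
        cmd = _URI_CRED_RE.sub(r"\1***@", cmd)   # mask password inside a URI first
        cmd = _FLAG_RE.sub(r"\1\2***", cmd)      # then mask bare --conn-password/--conn-extra values
        payload["full_command"] = cmd
    return json.dumps(payload, sort_keys=True)


def delete_statements(ids):
    """Build the DELETE statements for review; the script deliberately never executes them."""
    return [f"DELETE FROM log WHERE id = {int(i)};" for i in ids]


# Constructed sample rows in the assumed shape; not real audit-log data.
SAMPLE_ROWS = [
    LogRow(1, "cli_connections_add", json.dumps({
        "full_command": "airflow connections add pg_prod --conn-uri postgresql://app:S3cr3t@db.internal:5432/prod",
        "user": "alice"})),
    LogRow(2, "cli_connections_add", json.dumps({
        "full_command": "airflow connections add s3_logs --conn-type aws --conn-password AKIA_EXAMPLE_SECRET",
        "user": "bob"})),
    LogRow(3, "cli_connections_list", json.dumps({"full_command": "airflow connections list", "user": "carol"})),
    LogRow(4, "cli_connections_add", json.dumps({"full_command": "airflow connections add noop --conn-type http", "user": "dave"})),
    LogRow(5, "cli_connections_add", json.dumps({"conn_password": "hunter2", "user": "erin"})),
]

if __name__ == "__main__":
    ids = find_secret_rows(SAMPLE_ROWS)
    print("rows holding connection secrets:", ids)
    for row in SAMPLE_ROWS:
        if row.id in ids:
            print(row.id, "redacted ->", redact_extra(row.extra))
    print("\n".join(delete_statements(ids)))
```

The script only emits DELETE statements rather than running them, so the operator reviews the affected ids against a backup of the metadata database first; the redacted form is shown to make it obvious which part of each row was the secret, not as something to write back, since the advisory's recommendation is to remove the entries.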

Fix

Weakness Enumeration: Insertion into Log File

Related Identifiers: BIT-AIRFLOW-2025-27555, CVE-2025-27555, GHSA-8R55-RV5W-6PFM

Affected Products: Airflow