PT-2026-32992 · Apache · Apache Airflow

Vincent55 Yang · Published 2026-04-15 · Updated 2026-04-18 · CVE-2025-54550

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Apache Airflow (affected versions not specified)

Description

An example named 'example xcom' in the documentation implemented an unsafe pattern for reading values from XCom. This could allow a UI user with permissions to modify XComs to execute arbitrary code on the worker. XCom is a mechanism that allows tasks to exchange small amounts of data.

Recommendations

Users who implemented the pattern found in the 'example xcom' example should adjust their implementations to match the improved version provided in the Airflow 3.2.0 documentation.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BIT-AIRFLOW-2025-54550
CVE-2025-54550
GHSA-Q2HG-643C-GW8H

Affected Products

Apache Airflow