CVE-2025-50213

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/apache/airflow/pull/51734
https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

Configurations

No configuration.

History

26 Jun 2025, 18:58

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad por fallo en la depuración de elementos especiales en un plano diferente (inyección de elementos especiales) en Apache Airflow Providers Snowflake. Este problema afecta a Apache Airflow Providers Snowflake: versiones anteriores a la 6.4.0. Se añadió la depuración de los parámetros de tabla y etapa en CopyFromExternalStageToSnowflakeOperator para evitar la inyección de SQL. Se recomienda a los usuarios actualizar a la versión 6.4.0, que soluciona el problema.

24 Jun 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

24 Jun 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-24 08:15

Updated : 2025-06-26 18:58

NVD link : CVE-2025-50213

Mitre link : CVE-2025-50213

CVE.ORG link : CVE-2025-50213

JSON object : View

Products Affected

No product.

CWE

CWE-75

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

9.8 /10