RCE in Apache Software Foundation Airflow

CVE-2025-54550

The example_xcom example that was included in the Airflow documentation implemented an unsafe pattern of reading a value from XCom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary execution of…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (22.4th percentile)

Affected products

Weakness classification (CWE)

References