What is CVE-2025-5874?

CVE-2025-5874 is a medium-severity vulnerability in Redash, classified under CWE-264. CVSS score: 4.6/10. Published 2025-06-09.

How severe is CVE-2025-5874?

Medium severity. CVSS v3 base score is 4.6 out of 10.

Vulnerability in Redash

CVE-2025-5874

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox is…

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

N/a Redash — versions 10.0, 10.1.0, 25.0

Weakness classification (CWE)

References

VDB-311633 | Redash getattr python.py run_query sandbox (technical-description, vdb-entry)
VDB-311633 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #580255 | redash <25.1.0 Sandbox Issue (third-party-advisory)
cna@vuldb.com (related)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2025-5874?: CVE-2025-5874 is a medium-severity vulnerability in Redash, classified under CWE-264. CVSS score: 4.6/10. Published 2025-06-09.
How severe is CVE-2025-5874?: Medium severity. CVSS v3 base score is 4.6 out of 10.