Information disclosure in Apache Software Foundation Airflow
CVE-2025-66236
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager co…
EPSS: 0.001 (30.4th percentile)
Affected products
- Apache Software Foundation Airflow — versions 3.0.0
Weakness classification (CWE)
References
- github.com/apache/airflow/pull/58662 (patch)
- lists.apache.org/thread/g8fyy1tkmxkkfk7tx2v6h8mvwzpyykbo (vendor-advisory)