What is CVE-2025-69219?

CVE-2025-69219 is a vulnerability in Apache Software Foundation Airflow Providers Http, classified under Improper Control of Dynamically-Managed Code Resources. Published 2026-03-09.

Is CVE-2025-69219 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Airflow Providers Http

CVE-2025-69219

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended f…

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Airflow Providers Http — versions 5.1.0

Weakness classification (CWE)

CWE-913 — Improper Control of Dynamically-Managed Code Resources

Public proof-of-concept exploits

References

github.com/apache/airflow/pull/61662 (patch)
lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0 (vendor-advisory)

Frequently asked questions

What is CVE-2025-69219?: CVE-2025-69219 is a vulnerability in Apache Software Foundation Airflow Providers Http, classified under Improper Control of Dynamically-Managed Code Resources. Published 2026-03-09.
Is CVE-2025-69219 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.