CVE-2025-62402
Published 2025-10-30
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | >= 3.0.0 < 3.1.1 | 3.1.1 |
| apache_software_foundation | apache_airflow | >= 3.0.0 < 3.1.1 | 3.1.1 |