CVE-2025-62503
published 2025-10-30CVE-2025-62503: User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
medium4.6CVSS 3.1
AVNACLPRLUIRSUCLILAN
User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | >= 3.0.0 < 3.1.1 | 3.1.1 |
| apache_software_foundation | apache_airflow | >= 3.0.0 < 3.1.1 | 3.1.1 |