CVE-2025-62503

Summary

User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Airflow3.0.0 < 3.1.1affected

Weaknesses

  • CWE-250: CWE-250: Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References