← Back to CVE List

CVE-2025-27018

Published: 2025-03-19T09:15Z
Last Modified: 2025-03-25T18:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. When user triggered a DAG with dump_sql or load_sql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended. It could lead to data corruption, modification and others. This issue affects Apache Airflow MySQL Provider: before 6.2.0. Users are recommended to upgrade to version 6.2.0, which fixes the issue. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt