VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-huhh-68py-hbe2

Essentials
Severities (17)
References (8)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-huhh-68py-hbe2
Aliases	CVE-2025-65995 GHSA-gfw7-2v73-69wg
Summary	Apache Airflow error reporting may expose full kwargs When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue has been fixed in Airflow 3.1.5rc1 and 2.11.1, and users are strongly advised to upgrade to prevent potential disclosure of sensitive information.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-209	Generation of Error Message Containing Sensitive Information
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-65995
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-gfw7-2v73-69wg
cvssv3.1	6.5	https://github.com/apache/airflow
generic_textual	MODERATE	https://github.com/apache/airflow
cvssv3.1	6.5	https://github.com/apache/airflow/pull/58252
generic_textual	MODERATE	https://github.com/apache/airflow/pull/58252
ssvc	Track	https://github.com/apache/airflow/pull/58252
cvssv3.1	6.5	https://github.com/apache/airflow/pull/61883
generic_textual	MODERATE	https://github.com/apache/airflow/pull/61883
ssvc	Track	https://github.com/apache/airflow/pull/61883
cvssv3.1	6.5	https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2
generic_textual	MODERATE	https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2
ssvc	Track	https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2025-65995
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-65995
cvssv3.1	6.5	http://www.openwall.com/lists/oss-security/2025/12/12/2
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2025/12/12/2

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-65995
		https://github.com/apache/airflow
		https://github.com/apache/airflow/pull/58252
		https://github.com/apache/airflow/pull/61883
		https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2
		http://www.openwall.com/lists/oss-security/2025/12/12/2
CVE-2025-65995		https://nvd.nist.gov/vuln/detail/CVE-2025-65995
GHSA-gfw7-2v73-69wg		https://github.com/advisories/GHSA-gfw7-2v73-69wg

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow/pull/58252

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/ Found at https://github.com/apache/airflow/pull/58252

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/airflow/pull/61883

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/ Found at https://github.com/apache/airflow/pull/61883

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/ Found at https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-65995

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2025/12/12/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.03676
EPSS Score	0.00016
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T21:06:45.322580+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/apache-airflow/CVE-2025-65995.yml	38.6.0