9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-67895

CVE-2025-67895: Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2.

This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2.

The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.

If projects installed and configured Edge3 provider for Airflow 2, they should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has a minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.

If projects used Edge Provider in Airflow 3, you they are not affected.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-67895

CVE-2025-67895:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
apache-airflow-providers-edge3	pip	< 2.0.0	2.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in an insecure JSON-RPC endpoint exposed by the Apache Airflow Edge3 provider when used with Airflow 2. This endpoint was intended for development and testing but was inadvertently enabled in a way that could be accessed by DAG authors.

The analysis of the provided patch, specifically commit 369b2e88d01d65c981e2b2deed950ea761645be6, reveals the root cause. The file providers/edge3/src/airflow/providers/edge3/worker_api/routes/_v2_routes.py defined a function rpcapi_v2 that handled requests to the /rpcapi endpoint. This function would deserialize a JSON-RPC request and use the method parameter from the request body to look up and execute a corresponding internal Airflow function.

This design is inherently dangerous as it creates a proxy for internal API calls. A user with permissions to author DAGs could make an HTTP request from within a task to this endpoint, specifying a sensitive internal function (e.g., one that can execute system commands or manipulate configurations) as the method, and provide crafted parameters. This would lead to Remote Code Execution (RCE) in the context of the Airflow webserver process.

The fix applied was to completely remove support for Airflow 2 from the Edge3 provider. This involved deleting the compatibility code for Airflow 2, including the file containing the vulnerable rpcapi_v2 function and the associated OpenAPI specification (edge_worker_api_v1.yaml). By doing so, the vulnerable endpoint is no longer exposed, mitigating the RCE risk.

Vulnerable functions

airflow.providers.edge3.worker_api.routes._v2_routes.rpcapi_v2

providers/edge3/src/airflow/providers/edge3/worker_api/routes/_v2_routes.py

This function implemented a generic JSON-RPC endpoint that was exposed on the webserver for Airflow 2.x installations of the edge3 provider. It allowed calling internal Airflow methods specified in the request's 'method' parameter. A malicious DAG author could craft a request to this endpoint to execute arbitrary code on the webserver by invoking a dangerous internal method. The patch completely removes this endpoint and its handler function by dropping support for Airflow 2.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-67895: Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

CVE-2025-67895:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

9.8

9.8

Technical Details

Basic Information

Basic Information

CVE-2025-67895: Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI