Home > Vulnerability Database > CVE-2025-66388

Mend.io Vulnerability Database

CVE-2025-66388

Good to know:

Date: December 15, 2025

A vulnerability in Apache Airflow 3.1.0 before 3.1.4 allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

Severity Score

6.5

Related Resources (6)

Url: https://github.com/apache/airflow/pull/58772

Url: https://seclists.org/oss-sec/2025/q4/270

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66388

Url: http://www.openwall.com/lists/oss-security/2025/12/12/1

Url: https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g

Url: https://www.mend.io/vulnerability-database/CVE-2025-66388

Severity Score

6.5

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Insertion of Sensitive Information Into Sent Data

CWE-201

Top Fix

Upgrade Version

Upgrade to version apache-airflow-task-sdk - 1.1.4;apache-airflow-task-sdk - 1.1.4;https://github.com/apache/airflow.git - task-sdk/1.1.4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66388

Good to know:

Date: December 15, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?