{"id":"CVE-2025-67895","details":"Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (\u003e=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected.","aliases":["GHSA-66h8-3g48-6hx8"],"modified":"2026-03-14T08:46:09.031337Z","published":"2025-12-17T12:15:46.360Z","references":[{"type":"FIX","url":"https://github.com/apache/airflow/pull/59143"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2025/12/16/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/airflow","events":[{"introduced":"0"},{"fixed":"8217db8cb4b1ff302c5cf8662477ac00f701e78c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.0"}]}}],"versions":["0.1","0.11","0.2","0.2.1","0.2.2","0.2.3","0.3","0.3.1","0.3.2","0.4","0.4.1","0.4.2","0.4.3","0.4.5","0.5.0","1.0.0","1.0.1","1.1.0","1.1.1","1.2.0","1.3.0","1.4.0","1.5.0","1.5.1","1.6.0","1.6.1","1.6.2","1.7.0rc1","1.7.1rc1","2.0.0","2.0.0a1","2.0.0a2","2.0.0b1","2.0.0b2","2.0.0b3","2.0.0rc1","2.0.0rc2","2.0.0rc3","airbnb_1.7.1rc1","airbnb_1.7.1rc10","airbnb_1.7.1rc3","airbnb_prod.1.6.1.0","airbnb_prod.1.6.1.1","airbnb_prod.1.6.1.2","airbnb_prod.1.6.1.3","airbnb_prod.1.6.1.4","airbnb_prod.1.6.1.5","airbnb_prod.1.6.1.7","airbnb_prod.1.6.1.8","airbnb_prod.1.6.2.1","airbnb_prod.1.6.2.2","airbnb_prod.1.6.2.3","airbnb_prod.1.6.2.4","airbnb_prod.1.6.2.5","airbnb_prod.1.6.2.6","airbnb_prod.1.6.2.7","airbnb_prod.1.6.2.8","airbnb_prod.1.6.2.9","backport-providers-2020.10.29","backport-providers-2020.10.29rc1","backport-providers-2020.10.5","backport-providers-2020.10.5rc1","backport-providers-2020.11.13","backport-providers-2020.11.13rc1","backport-providers-2020.11.23","backport-providers-2020.11.23rc1","backport-providers-2020.2.5rc1","backport-providers-2020.5.20rc1","backport-providers-2020.5.20rc2","backport-providers-2020.5.20rc3","backport-providers-2020.6.24","backport-providers-2020.6.24rc1","backport-providers-2021.2.5","backport-providers-2021.2.5rc1","backport-providers-2021.3.13","backport-providers-2021.3.13rc1","backport-providers-2021.3.17","backport-providers-2021.3.17rc1","backport-providers-2021.3.3","backport-providers-2021.3.3rc1","helm-chart/1.0.0","helm-chart/1.0.0rc1","helm-chart/1.0.0rc2","helm-chart/v1.0.1-dev1","legacy-backport-cutoff-point","master-nightly","nightly","nightly-main","nightly-master","providers-1.0.0b2","providers-airbyte/1.0.0","providers-airbyte/1.0.0rc1","providers-airbyte/2.0.0rc1","providers-airbyte/2.0.0rc2","providers-amazon/1.0.0","providers-amazon/1.1.0","providers-amazon/1.1.0rc1","providers-amazon/1.2.0","providers-amazon/1.2.0rc1","providers-amazon/1.3.0","providers-amazon/1.3.0rc1","providers-amazon/1.4.0","providers-amazon/1.4.0rc1","providers-amazon/2.0.0rc1","providers-amazon/2.0.0rc2","providers-apache-beam/1.0.0","providers-apache-beam/1.0.0rc1","providers-apache-beam/1.0.1","providers-apache-beam/1.0.1rc1","providers-apache-beam/1.0.1rc2","providers-apache-beam/2.0.0","providers-apache-beam/2.0.0rc1","providers-apache-beam/3.0.0rc1","providers-apache-beam/3.0.0rc2","providers-apache-cassandra/1.0.0","providers-apache-cassandra/1.0.1","providers-apache-cassandra/1.0.1rc1","providers-apache-cassandra/2.0.0rc1","providers-apache-cassandra/2.0.0rc2","providers-apache-druid/1.0.0","providers-apache-druid/1.0.1","providers-apache-druid/1.0.1rc1","providers-apache-druid/1.1.0","providers-apache-druid/1.1.0rc1","providers-apache-druid/1.1.0rc2","providers-apache-druid/2.0.0rc1","providers-apache-druid/2.0.0rc2","providers-apache-hdfs/1.0.0","providers-apache-hdfs/1.0.1","providers-apache-hdfs/1.0.1rc1","providers-apache-hdfs/2.0.0rc1","providers-apache-hdfs/2.0.0rc2","providers-apache-hive/1.0.0","providers-apache-hive/1.0.1","providers-apache-hive/1.0.1rc1","providers-apache-hive/1.0.2","providers-apache-hive/1.0.2rc1","providers-apache-hive/1.0.3","providers-apache-hive/1.0.3rc1","providers-apache-hive/2.0.0rc1","providers-apache-hive/2.0.0rc2","providers-apache-kylin/1.0.0","providers-apache-kylin/1.0.1","providers-apache-kylin/1.0.1rc1","providers-apache-kylin/2.0.0rc1","providers-apache-kylin/2.0.0rc2","providers-apache-livy/1.0.0","providers-apache-livy/1.0.1","providers-apache-livy/1.0.1rc1","providers-apache-livy/1.1.0","providers-apache-livy/1.1.0rc1","providers-apache-livy/2.0.0rc1","providers-apache-livy/2.0.0rc2","providers-apache-pig/1.0.0","providers-apache-pig/1.0.1","providers-apache-pig/1.0.1rc1","providers-apache-pig/2.0.0rc1","providers-apache-pig/2.0.0rc2","providers-apache-pinot/1.0.0","providers-apache-pinot/1.0.1","providers-apache-pinot/1.0.1rc1","providers-apache-pinot/2.0.0rc1","providers-apache-pinot/2.0.0rc2","providers-apache-spark/1.0.0","providers-apache-spark/1.0.1","providers-apache-spark/1.0.1rc1","providers-apache-spark/1.0.2","providers-apache-spark/1.0.2rc1","providers-apache-spark/1.0.3","providers-apache-spark/1.0.3rc1","providers-apache-spark/2.0.0rc1","providers-apache-spark/2.0.0rc2","providers-apache-sqoop/1.0.0","providers-apache-sqoop/1.0.1","providers-apache-sqoop/1.0.1rc1","providers-apache-sqoop/2.0.0rc1","providers-apache-sqoop/2.0.0rc2","providers-asana/1.0.0rc1","providers-asana/1.0.0rc2","providers-celery/1.0.0","providers-celery/1.0.1","providers-celery/1.0.1rc1","providers-celery/2.0.0rc1","providers-celery/2.0.0rc2","providers-cloudant/1.0.0","providers-cloudant/1.0.1","providers-cloudant/1.0.1rc1","providers-cloudant/2.0.0rc1","providers-cloudant/2.0.0rc2","providers-cncf-kubernetes/1.0.0","providers-cncf-kubernetes/1.0.1","providers-cncf-kubernetes/1.0.1rc1","providers-cncf-kubernetes/1.0.2","providers-cncf-kubernetes/1.0.2rc1","providers-cncf-kubernetes/1.1.0","providers-cncf-kubernetes/1.1.0rc1","providers-cncf-kubernetes/1.2.0","providers-cncf-kubernetes/1.2.0rc1","providers-cncf-kubernetes/2.0.0rc1","providers-cncf-kubernetes/2.0.0rc2","providers-databricks/1.0.0","providers-databricks/1.0.1","providers-databricks/1.0.1rc1","providers-databricks/2.0.0rc1","providers-databricks/2.0.0rc2","providers-datadog/1.0.0","providers-datadog/1.0.1","providers-datadog/1.0.1rc1","providers-datadog/2.0.0rc1","providers-datadog/2.0.0rc2","providers-dingding/1.0.0","providers-dingding/1.0.1","providers-dingding/1.0.1rc1","providers-dingding/1.0.2","providers-dingding/1.0.2rc1","providers-dingding/2.0.0rc1","providers-dingding/2.0.0rc2","providers-discord/1.0.0","providers-discord/1.0.1","providers-discord/1.0.1rc1","providers-discord/2.0.0rc1","providers-discord/2.0.0rc2","providers-docker/1.0.0","providers-docker/1.0.1","providers-docker/1.0.1rc1","providers-docker/1.0.2","providers-docker/1.0.2rc1","providers-docker/1.1.0","providers-docker/1.1.0rc1","providers-docker/1.2.0","providers-docker/1.2.0rc1","providers-docker/2.0.0rc1","providers-docker/2.0.0rc2","providers-elasticsearch/1.0.0","providers-elasticsearch/1.0.1","providers-elasticsearch/1.0.1rc1","providers-elasticsearch/1.0.2","providers-elasticsearch/1.0.2rc1","providers-elasticsearch/1.0.3","providers-elasticsearch/1.0.3rc1","providers-elasticsearch/1.0.4","providers-elasticsearch/1.0.4rc1","providers-elasticsearch/2.0.0rc1","providers-elasticsearch/2.0.1rc1","providers-exasol/1.0.0","providers-exasol/1.1.0","providers-exasol/1.1.0rc1","providers-exasol/1.1.1","providers-exasol/1.1.1rc1","providers-exasol/2.0.0rc1","providers-exasol/2.0.0rc2","providers-facebook/1.0.0","providers-facebook/1.0.1","providers-facebook/1.0.1rc1","providers-facebook/1.1.0","providers-facebook/1.1.0rc1","providers-facebook/2.0.0rc1","providers-facebook/2.0.0rc2","providers-ftp/1.0.0","providers-ftp/1.0.1","providers-ftp/1.0.1rc1","providers-ftp/1.1.0","providers-ftp/1.1.0rc1","providers-ftp/2.0.0rc1","providers-ftp/2.0.0rc2","providers-google/1.0.0","providers-google/2.0.0","providers-google/2.0.0rc1","providers-google/2.1.0","providers-google/2.1.0rc1","providers-google/2.2.0","providers-google/2.2.0rc1","providers-google/3.0.0","providers-google/3.0.0rc1","providers-google/4.0.0rc1","providers-google/4.0.0rc2","providers-grpc/1.0.0","providers-grpc/1.0.1","providers-grpc/1.0.1rc1","providers-grpc/1.1.0","providers-grpc/1.1.0rc1","providers-grpc/2.0.0rc1","providers-grpc/2.0.0rc2","providers-hashicorp/1.0.0","providers-hashicorp/1.0.1","providers-hashicorp/1.0.1rc1","providers-hashicorp/1.0.2","providers-hashicorp/1.0.2rc1","providers-hashicorp/2.0.0rc1","providers-hashicorp/2.0.0rc2","providers-http/1.0.0","providers-http/1.1.0","providers-http/1.1.0rc1","providers-http/1.1.1","providers-http/1.1.1rc1","providers-http/2.0.0rc1","providers-http/2.0.0rc2","providers-imap/1.0.0","providers-imap/1.0.1","providers-imap/1.0.1rc1","providers-imap/2.0.0rc1","providers-imap/2.0.0rc2","providers-jdbc/1.0.0","providers-jdbc/1.0.1","providers-jdbc/1.0.1rc1","providers-jdbc/2.0.0rc1","providers-jdbc/2.0.0rc2","providers-jenkins/1.0.0","providers-jenkins/1.0.1","providers-jenkins/1.0.1rc1","providers-jenkins/1.1.0","providers-jenkins/1.1.0rc1","providers-jenkins/2.0.0rc1","providers-jenkins/2.0.0rc2","providers-jira/1.0.0","providers-jira/1.0.1","providers-jira/1.0.1rc1","providers-jira/1.0.2","providers-jira/1.0.2rc1","providers-jira/2.0.0rc1","providers-jira/2.0.0rc2","providers-microsoft-azure/1.0.0","providers-microsoft-azure/1.1.0","providers-microsoft-azure/1.1.0rc1","providers-microsoft-azure/1.2.0","providers-microsoft-azure/1.2.0rc1","providers-microsoft-azure/1.2.0rc2","providers-microsoft-azure/1.3.0","providers-microsoft-azure/1.3.0rc1","providers-microsoft-azure/2.0.0","providers-microsoft-azure/2.0.0rc1","providers-microsoft-azure/3.0.0rc1","providers-microsoft-azure/3.0.0rc2","providers-microsoft-mssql/1.0.0","providers-microsoft-mssql/1.0.1","providers-microsoft-mssql/1.0.1rc1","providers-microsoft-mssql/1.1.0","providers-microsoft-mssql/1.1.0rc1","providers-microsoft-mssql/2.0.0rc1","providers-microsoft-mssql/2.0.0rc2","providers-microsoft-winrm/1.0.0","providers-microsoft-winrm/1.0.1","providers-microsoft-winrm/1.0.1rc1","providers-microsoft-winrm/1.1.0","providers-microsoft-winrm/1.1.0rc1","providers-microsoft-winrm/1.2.0","providers-microsoft-winrm/1.2.0rc1","providers-microsoft-winrm/2.0.0rc1","providers-microsoft-winrm/2.0.0rc2","providers-mongo/1.0.0","providers-mongo/1.0.1","providers-mongo/1.0.1rc1","providers-mongo/2.0.0rc1","providers-mongo/2.0.0rc2","providers-mysql/1.0.0","providers-mysql/1.0.1","providers-mysql/1.0.1rc1","providers-mysql/1.0.2","providers-mysql/1.0.2rc1","providers-mysql/1.1.0","providers-mysql/1.1.0rc1","providers-mysql/2.0.0rc1","providers-mysql/2.0.0rc2","providers-neo4j/1.0.0","providers-neo4j/1.0.0rc1","providers-neo4j/1.0.1","providers-neo4j/1.0.1rc1","providers-neo4j/2.0.0rc1","providers-neo4j/2.0.0rc2","providers-odbc/1.0.0","providers-odbc/1.0.1","providers-odbc/1.0.1rc1","providers-odbc/2.0.0rc1","providers-odbc/2.0.0rc2","providers-openfaas/1.0.0","providers-openfaas/1.1.0","providers-openfaas/1.1.0rc1","providers-openfaas/1.1.1","providers-openfaas/1.1.1rc1","providers-openfaas/2.0.0rc1","providers-openfaas/2.0.0rc2","providers-opsgenie/1.0.0","providers-opsgenie/1.0.1","providers-opsgenie/1.0.1rc1","providers-opsgenie/1.0.2","providers-opsgenie/1.0.2rc1","providers-opsgenie/2.0.0rc1","providers-opsgenie/2.0.0rc2","providers-oracle/1.0.0","providers-oracle/1.0.1","providers-oracle/1.0.1rc1","providers-oracle/1.1.0","providers-oracle/1.1.0rc1","providers-oracle/2.0.0rc1","providers-oracle/2.0.0rc2","providers-pagerduty/1.0.0","providers-pagerduty/1.0.1","providers-pagerduty/1.0.1rc1","providers-pagerduty/2.0.0rc1","providers-pagerduty/2.0.0rc2","providers-papermill/1.0.0","providers-papermill/1.0.1","providers-papermill/1.0.1rc1","providers-papermill/1.0.2","providers-papermill/1.0.2rc1","providers-papermill/2.0.0rc1","providers-papermill/2.0.0rc2","providers-plexus/1.0.0","providers-plexus/1.0.1","providers-plexus/1.0.1rc1","providers-plexus/2.0.0rc1","providers-plexus/2.0.0rc2","providers-postgres/1.0.0","providers-postgres/1.0.1","providers-postgres/1.0.1rc1","providers-postgres/1.0.2","providers-postgres/1.0.2rc1","providers-postgres/2.0.0rc1","providers-postgres/2.0.0rc2","providers-presto/1.0.0","providers-presto/1.0.1","providers-presto/1.0.1rc1","providers-presto/1.0.2","providers-presto/1.0.2rc1","providers-presto/2.0.0rc1","providers-presto/2.0.0rc2","providers-qubole/1.0.0","providers-qubole/1.0.1","providers-qubole/1.0.1rc1","providers-qubole/1.0.2","providers-qubole/1.0.2rc1","providers-qubole/2.0.0rc1","providers-qubole/2.0.0rc2","providers-redis/1.0.0","providers-redis/1.0.1","providers-redis/1.0.1rc1","providers-redis/2.0.0rc1","providers-redis/2.0.0rc2","providers-salesforce/1.0.0","providers-salesforce/1.0.1","providers-salesforce/1.0.1rc1","providers-salesforce/2.0.0","providers-salesforce/2.0.0rc1","providers-salesforce/2.0.0rc2","providers-salesforce/3.0.0rc1","providers-salesforce/3.0.0rc2","providers-samba/1.0.0","providers-samba/1.0.1","providers-samba/1.0.1rc1","providers-samba/2.0.0rc1","providers-samba/2.0.0rc2","providers-segment/1.0.0","providers-segment/1.0.1","providers-segment/1.0.1rc1","providers-segment/2.0.0rc1","providers-segment/2.0.0rc2","providers-sendgrid/1.0.0","providers-sendgrid/1.0.1","providers-sendgrid/1.0.1rc1","providers-sendgrid/1.0.2","providers-sendgrid/1.0.2rc1","providers-sendgrid/2.0.0rc1","providers-sendgrid/2.0.0rc2","providers-sftp/1.0.0","providers-sftp/1.1.0","providers-sftp/1.1.0rc1","providers-sftp/1.1.1","providers-sftp/1.1.1rc1","providers-sftp/1.2.0","providers-sftp/1.2.0rc1","providers-sftp/2.0.0rc1","providers-sftp/2.0.0rc2","providers-singularity/1.0.0","providers-singularity/1.0.1","providers-singularity/1.0.1rc1","providers-singularity/1.1.0","providers-singularity/1.1.0rc1","providers-singularity/2.0.0rc1","providers-singularity/2.0.0rc2","providers-slack/1.0.0","providers-slack/2.0.0","providers-slack/2.0.0rc1","providers-slack/3.0.0","providers-slack/3.0.0rc1","providers-slack/4.0.0rc1","providers-slack/4.0.0rc2","providers-snowflake/1.0.0","providers-snowflake/1.1.0","providers-snowflake/1.1.0rc1","providers-snowflake/1.1.1","providers-snowflake/1.1.1rc1","providers-snowflake/1.1.1rc2","providers-snowflake/1.2.0","providers-snowflake/1.2.0rc1","providers-snowflake/1.3.0","providers-snowflake/1.3.0rc1","providers-snowflake/2.0.0rc1","providers-snowflake/2.0.0rc2","providers-snowflake/2.0.0rc3","providers-sqlite/1.0.0","providers-sqlite/1.0.1","providers-sqlite/1.0.1rc1","providers-sqlite/1.0.2","providers-sqlite/1.0.2rc1","providers-sqlite/2.0.0rc1","providers-sqlite/2.0.0rc2","providers-ssh/1.0.0","providers-ssh/1.1.0","providers-ssh/1.1.0rc1","providers-ssh/1.2.0","providers-ssh/1.2.0rc1","providers-ssh/1.3.0","providers-ssh/1.3.0rc1","providers-ssh/2.0.0rc1","providers-ssh/2.0.0rc2","providers-tableau/1.0.0","providers-tableau/1.0.0rc1","providers-tableau/2.0.0rc1","providers-tableau/2.0.0rc2","providers-telegram/1.0.0","providers-telegram/1.0.1","providers-telegram/1.0.1rc1","providers-telegram/1.0.2","providers-telegram/1.0.2rc1","providers-telegram/2.0.0rc1","providers-telegram/2.0.0rc2","providers-trino/1.0.0","providers-trino/1.0.0rc1","providers-trino/2.0.0rc1","providers-trino/2.0.0rc2","providers-vertica/1.0.0","providers-vertica/1.0.1","providers-vertica/1.0.1rc1","providers-vertica/2.0.0rc1","providers-vertica/2.0.0rc2","providers-yandex/1.0.0","providers-yandex/1.0.1","providers-yandex/1.0.1rc1","providers-yandex/2.0.0rc1","providers-yandex/2.0.0rc2","providers-zendesk/1.0.0","providers-zendesk/1.0.1","providers-zendesk/1.0.1rc1","providers-zendesk/2.0.0rc1","providers-zendesk/2.0.0rc2","providers/1.0.0b2","providers/1.0.0rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67895.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}