CVE-2025-50213CRITICAL 9.8EPSS p43.7%

CVE-2025-50213CVE-2025-50213

Description

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection Users are recommended to upgrade to version 6.4.0, which fixes the issue.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.59% probability of exploitation · percentile 43.7% · 2026-06-19T12:03:05Z
Published2025-06-24
Last modified2025-07-11

Underlying weaknesses· 1

CWE-75

References

  1. https://github.com/apache/airflow/pull/51734
  2. https://lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3

1

TypeTargetConfidenceTier
WeaknessFailure to Sanitize Special Elements into a Different Plane (Special Element Injection)cwe-750%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-30473
CVE
CVE-2025-62228
CVE
CVE-2025-69219
CVE
CVE-2026-35194
CVE
CVE-2026-45360
CVE
CVE-2026-42360
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.