Apache Airflow is a platform to programmatically author, schedule, and monitor workflows.

Apache Airflow

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.

Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66388	MEDIUM	6.5	Apache Airflow	apache-airflow	No	Yes	Dec 15, 2025
CVE-2025-54831	MEDIUM	6.5	Apache Airflow	airflow	No	Yes	Sep 26, 2025
CVE-2025-62402	MEDIUM	5.4	Apache Airflow	airflow-3	No	Yes	Oct 30, 2025
CVE-2025-62503	MEDIUM	4.6	Apache Airflow	airflow-3	No	Yes	Oct 30, 2025
CVE-2025-54941	MEDIUM	4.6	Apache Airflow	airflow	No	Yes	Oct 30, 2025

CVE-2025-66388:
Apache Airflow vulnerability analysis and mitigation

6.5

Related Apache Airflow vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-66388: Apache Airflow vulnerability analysis and mitigation