
CVE-2025-50466: n/a

High
Published: Fri Aug 08 2025 (08/08/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

AI-Powered Analysis

Last updated: 08/08/2025, 17:17:49 UTC

Technical Analysis

CVE-2025-50466 is a high-severity SQL injection vulnerability affecting OpenMetadata versions up to and including 1.4.4. The vulnerability resides in the listCount function of the TestDefinitionDAO interface, where the entityType parameter is improperly sanitized and used directly to construct SQL queries. An attacker with limited privileges (PR:L) can exploit the flaw remotely over the network (AV:N), with low attack complexity (AC:L) and no user interaction (UI:N), to execute arbitrary SQL commands. The attack can lead to unauthorized extraction of sensitive information from the underlying database, compromising confidentiality (C:H) and partially affecting integrity (I:L) by potentially manipulating query results or causing data inconsistencies. The vulnerability does not impact availability (A:N). The CVSS 3.1 base score is 7.1, reflecting a high risk due to ease of exploitation and significant confidentiality impact. No known exploits are currently reported in the wild, and no official patches or mitigation links are provided yet. The vulnerability was reserved in June 2025 and published in August 2025, indicating recent discovery. OpenMetadata is an open-source metadata management platform used to catalog, manage, and govern data assets, often deployed in data-driven organizations to improve data observability and governance.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises relying on OpenMetadata for data governance and compliance with regulations such as GDPR. Exploitation could lead to unauthorized disclosure of personal data and sensitive business information stored in the metadata repository, potentially resulting in data breaches and regulatory penalties. Because only limited privileges (PR:L) are needed to extract database information, attackers could use this flaw to gain insight into organizational data structures and potentially escalate attacks. The partial integrity impact could also undermine trust in data quality and governance processes. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and public administration, are particularly exposed. Additionally, because no user interaction is required, exploitation attempts can be automated, increasing the likelihood of attacks if the vulnerability remains unpatched.

Mitigation Recommendations

European organizations should immediately audit their OpenMetadata deployments to identify affected versions (<=1.4.4). Until an official patch is released, organizations should implement the following mitigations:

1) Restrict network access to the OpenMetadata service, limiting it to trusted internal networks and VPNs to reduce exposure to remote attackers.
2) Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious SQL injection patterns targeting the entityType parameter.
3) Conduct thorough input validation and sanitization on all parameters, especially entityType, at the application or proxy level if possible.
4) Monitor database query logs and application logs for anomalous queries or repeated access attempts indicative of exploitation attempts.
5) Implement strict role-based access controls to minimize privileges of users interacting with the TestDefinitionDAO interface.
6) Prepare for rapid patch deployment once an official fix is available by establishing a vulnerability response plan.
7) Consider isolating the metadata database with additional security controls such as encryption at rest and network segmentation to limit data exposure in case of compromise.
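The input-validation mitigation for entityType, shown as an added example that is not OpenMetadata's code: a count query built by string concatenation next to one that checks an allowlist and binds the parameter. It uses Python with an in-memory SQLite database so it runs stand-alone; the table name, column names, sample rows and the allowed values are assumptions made for illustration.

```python
import sqlite3

# Assumption: the set of legal entityType values; adjust to the deployment.
ALLOWED_ENTITY_TYPES = {"TABLE", "COLUMN"}


def make_db():
    """Constructed in-memory table standing in for the test-definition store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_definition (name TEXT, entity_type TEXT)")
    db.executemany(
        "INSERT INTO test_definition VALUES (?, ?)",
        [("rowCount", "TABLE"), ("notNull", "COLUMN"), ("unique", "COLUMN")],
    )
    return db


def list_count_concat(db, entity_type):
    """Flawed pattern: the parameter becomes part of the SQL text."""
    sql = ("SELECT count(*) FROM test_definition "
           "WHERE entity_type = '" + entity_type + "'")
    return db.execute(sql).fetchone()[0]


def list_count_bound(db, entity_type):
    """Hardened pattern: allowlist check, then a bound parameter."""
    if entity_type not in ALLOWED_ENTITY_TYPES:
        raise ValueError("unsupported entityType")
    sql = "SELECT count(*) FROM test_definition WHERE entity_type = ?"
    return db.execute(sql, (entity_type,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input that alters the WHERE clause
    print(list_count_concat(db, "COLUMN"))  # legitimate value
    print(list_count_concat(db, probe))     # filter bypassed: every row counted
    print(list_count_bound(db, "COLUMN"))   # same answer as the legitimate call
    try:
        list_count_bound(db, probe)
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist rejects the value before any SQL is built, and the bound parameter ensures that a value passing the check is still treated as data rather than as query text.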


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68962db8ad5a09ad0005624a

Added to database: 8/8/2025, 5:02:48 PM

Last enriched: 8/8/2025, 5:17:49 PM

Last updated: 8/9/2025, 2:38:47 AM
