CVE-2025-50467: n/a

Medium
Tags: Vulnerability, CVE-2025-50467, cve, cve-2025-50467
Published: Fri Aug 08 2025 (08/08/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.

AI-Powered Analysis

Last updated: 08/08/2025, 17:18:19 UTC

Technical Analysis

CVE-2025-50467 identifies a SQL Injection vulnerability in OpenMetadata versions up to and including 1.4.4. The vulnerability exists in the function listCount within the TestDefinitionDAO interface. Specifically, the parameter supportedDataTypeParam is improperly sanitized or validated, allowing an attacker to inject malicious SQL code. This injection can manipulate the SQL query executed against the backend database, enabling unauthorized extraction of sensitive information stored therein. SQL Injection is a critical class of vulnerabilities because it directly compromises the confidentiality and integrity of data. An attacker exploiting this flaw could retrieve sensitive metadata, user credentials, or other confidential information maintained by OpenMetadata. The lack of a CVSS score suggests this vulnerability is newly published and may not yet have been fully assessed or exploited in the wild. However, the technical details indicate that exploitation does not require authentication or complex user interaction, increasing the risk. OpenMetadata is an open-source metadata management platform used to catalog, manage, and govern data assets. Organizations leveraging this tool rely on it to maintain data governance and compliance. The vulnerability's presence in a core DAO interface implies that the attack surface is significant, potentially affecting all deployments using vulnerable versions. No official patches or mitigations are currently linked, emphasizing the urgency for organizations to apply updates once available or implement temporary controls to mitigate risk.

Potential Impact

For European organizations, the impact of this vulnerability could be substantial. OpenMetadata is often used by enterprises and public sector entities to manage critical data assets, including personal data protected under GDPR. Exploitation could lead to unauthorized disclosure of sensitive personal data, intellectual property, or internal operational information, resulting in regulatory penalties, reputational damage, and operational disruption. The ability to extract data via SQL Injection undermines data integrity and confidentiality, potentially enabling further attacks such as privilege escalation or lateral movement within networks. Given the stringent data protection regulations in Europe, any data breach resulting from this vulnerability could trigger mandatory breach notifications and significant fines. Additionally, sectors such as finance, healthcare, and government, which frequently use metadata management tools, may face heightened risks. The absence of known exploits in the wild currently limits the immediate threat but does not diminish the potential for targeted attacks, especially as threat actors often reverse-engineer disclosed vulnerabilities to develop exploits.

Mitigation Recommendations

Immediate mitigation steps include restricting access to the OpenMetadata management interfaces to trusted networks and users only, implementing strict input validation and sanitization at the application layer if possible, and monitoring database queries for anomalous patterns indicative of injection attempts. Organizations should prioritize upgrading to a patched version of OpenMetadata once it becomes available. In the interim, deploying Web Application Firewalls (WAFs) with custom rules to detect and block SQL Injection payloads targeting the supportedDataTypeParam parameter can reduce risk. Conducting thorough code reviews and penetration testing focused on the DAO interfaces can help identify and remediate similar injection points. Additionally, enforcing the principle of least privilege on database accounts used by OpenMetadata limits the potential damage from successful exploitation. Logging and alerting on suspicious database query activity will aid in early detection of exploitation attempts. Finally, organizations should ensure their incident response plans include scenarios involving metadata management system compromises.
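
The query-building flaw described in the analysis and the input-validation mitigation above, shown as an added illustration in Python with SQLite. This is not OpenMetadata's code, which this page does not show; the table, column, allow-list values and sample rows are constructed for the example.

```python
import sqlite3

# Hypothetical allow-list; a real deployment would use the application's own type names.
ALLOWED_DATA_TYPES = {"INT", "STRING", "TIMESTAMP"}
# Constructed input containing SQL syntax instead of a data-type name.
CRAFTED = "x' OR '1'='1"

def make_db():
    """In-memory stand-in for the backend database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test_definition (name TEXT, supported_data_type TEXT)")
    db.executemany(
        "INSERT INTO test_definition VALUES (?, ?)",
        [("def_a", "INT"), ("def_b", "STRING"), ("def_c", "STRING")],
    )
    return db

def list_count_unsafe(db, supported_data_type):
    # Vulnerable pattern: the parameter is pasted into the SQL text, so quotes
    # in it are parsed as SQL and can rewrite the WHERE clause.
    sql = ("SELECT count(*) FROM test_definition "
           f"WHERE supported_data_type = '{supported_data_type}'")
    return db.execute(sql).fetchone()[0]

def list_count_bound(db, supported_data_type):
    # Bound parameter: the driver passes the value separately from the SQL text,
    # so it is only ever compared as a string.
    sql = "SELECT count(*) FROM test_definition WHERE supported_data_type = ?"
    return db.execute(sql, (supported_data_type,)).fetchone()[0]

def list_count_safe(db, supported_data_type):
    # Defence in depth: reject anything outside the allow-list, then bind.
    if supported_data_type not in ALLOWED_DATA_TYPES:
        raise ValueError("unsupported data type filter")
    return list_count_bound(db, supported_data_type)

if __name__ == "__main__":
    db = make_db()
    print(list_count_unsafe(db, "STRING"), list_count_unsafe(db, CRAFTED))
    print(list_count_bound(db, CRAFTED))
```

The string-built query counts every row for the crafted value, while the bound query matches nothing and the allow-listed version rejects the value before it reaches the database.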

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68962db8ad5a09ad0005624f

Added to database: 8/8/2025, 5:02:48 PM

Last enriched: 8/8/2025, 5:18:19 PM

Last updated: 8/9/2025, 4:48:46 AM
