CVE-2025-50468: n/a

Medium
Published: Fri Aug 08 2025 (08/08/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.

AI-Powered Analysis

Last updated: 08/08/2025, 17:03:48 UTC

Technical Analysis

CVE-2025-50468 is a SQL Injection vulnerability affecting OpenMetadata versions up to and including 1.4.4. The vulnerability resides in the DocStoreDAO interface, specifically in the function listCount, where the entityType parameter is improperly sanitized and directly incorporated into a SQL query. This flaw allows an attacker to craft malicious input that manipulates the SQL query logic, enabling unauthorized extraction of sensitive information from the underlying database. SQL Injection vulnerabilities are critical because they can lead to data leakage, unauthorized data modification, or even complete compromise of the database server depending on the privileges of the database user. In this case, the attacker can exploit the vulnerability remotely by sending specially crafted requests to the affected OpenMetadata service, without requiring authentication or user interaction.

The absence of a CVSS score indicates that this vulnerability is newly published and has not yet been fully assessed or exploited in the wild. However, the technical details clearly indicate a direct injection point, which is a well-known and severe class of vulnerabilities. The lack of available patches or mitigation links suggests that users of OpenMetadata up to version 1.4.4 should consider this a high priority security issue.

OpenMetadata is an open-source metadata management and data cataloging platform used to organize and govern data assets, often deployed in enterprise environments to support data governance, compliance, and analytics workflows. The exposure of metadata or underlying database contents through this vulnerability could lead to significant confidentiality breaches and potentially facilitate further attacks within an organization’s data infrastructure.

Potential Impact

For European organizations, the impact of this SQL Injection vulnerability can be substantial. Many enterprises and public sector entities in Europe rely on metadata management platforms like OpenMetadata to maintain data governance and compliance with regulations such as GDPR. Unauthorized extraction of metadata or database contents could expose sensitive information about data assets, user activities, or internal configurations, potentially leading to privacy violations and regulatory non-compliance. Furthermore, attackers leveraging this vulnerability could gain insights that enable lateral movement or privilege escalation within the affected networks. The breach of metadata integrity and confidentiality undermines trust in data governance processes and could disrupt critical analytics and reporting functions. Given the increasing regulatory scrutiny in Europe around data protection, any data leakage incident could result in significant financial penalties and reputational damage. Additionally, the vulnerability’s ease of exploitation without authentication increases the risk of automated scanning and exploitation attempts targeting European organizations using OpenMetadata, especially those with internet-facing instances or insufficient network segmentation.

Mitigation Recommendations

To mitigate this vulnerability, European organizations using OpenMetadata up to version 1.4.4 should immediately implement the following measures:

1) Apply any patches or updates from the OpenMetadata project that address CVE-2025-50468 as soon as they are released. If no official patch is available, consider temporarily disabling or restricting access to the vulnerable DocStoreDAO interface or the listCount function.
2) Implement strict input validation and sanitization on the entityType parameter at the application layer to prevent malicious SQL payloads.
3) Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL Injection attack patterns targeting the affected endpoints.
4) Restrict network access to OpenMetadata services to trusted internal networks or VPNs, minimizing exposure to external attackers.
5) Conduct thorough security audits and code reviews of custom integrations or extensions that interact with the DocStoreDAO interface to ensure no additional injection vectors exist.
6) Monitor logs and network traffic for unusual query patterns or repeated failed attempts that may indicate exploitation attempts.
7) Educate development and operations teams about secure coding practices and the risks of SQL Injection to prevent similar vulnerabilities in future releases.
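The input-validation measure for entityType, shown as an added example that is not OpenMetadata's code: a count query built by string concatenation beside the same query with an allow-list check and a bound parameter. It uses Python's sqlite3 as a stand-in database; the table, column names, entity type values and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed allow-list; a real deployment would list its own entity types.
ALLOWED_ENTITY_TYPES = frozenset({"typeA", "typeB"})

# Constructed regression input: a value containing a quote and a tautology.
QUOTED_INPUT = "x' OR '1'='1"

def make_db():
    """Build an in-memory stand-in table (hypothetical schema) with 3 rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE doc_store (id INTEGER PRIMARY KEY, entityType TEXT)")
    db.executemany(
        "INSERT INTO doc_store (entityType) VALUES (?)",
        [("typeA",), ("typeA",), ("typeB",)],
    )
    return db

def list_count_concat(db, entity_type):
    """Weak pattern: the parameter becomes part of the SQL text itself."""
    sql = "SELECT count(*) FROM doc_store WHERE entityType = '" + entity_type + "'"
    return db.execute(sql).fetchone()[0]

def count_bound_only(db, entity_type):
    """Bound parameter: the value is compared as a string, never parsed as SQL."""
    sql = "SELECT count(*) FROM doc_store WHERE entityType = ?"
    return db.execute(sql, (entity_type,)).fetchone()[0]

def list_count_bound(db, entity_type):
    """Hardened pattern: reject unknown types first, then bind the value."""
    if entity_type not in ALLOWED_ENTITY_TYPES:
        raise ValueError("unsupported entityType")
    return count_bound_only(db, entity_type)

if __name__ == "__main__":
    db = make_db()
    print("concat, normal input:", list_count_concat(db, "typeA"))
    print("concat, quoted input:", list_count_concat(db, QUOTED_INPUT))
    print("bound,  quoted input:", count_bound_only(db, QUOTED_INPUT))
    try:
        list_count_bound(db, QUOTED_INPUT)
    except ValueError as exc:
        print("allow-list rejected input:", exc)
```

The concatenated query counts every row for the quoted input, while the bound query counts none and the allow-listed version rejects the value before any SQL runs.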

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68962a34ad5a09ad00054f4b

Added to database: 8/8/2025, 4:47:48 PM

Last enriched: 8/8/2025, 5:03:48 PM

Last updated: 8/16/2025, 2:15:59 AM
