CVE-2025-54415: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in astronomer dag-factory
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml workflow within the astronomer/dag-factory GitHub repository. The workflow, specifically when triggered by pull_request_target, is susceptible to exploitation, allowing an attacker to execute arbitrary code within the GitHub Actions runner environment. This misconfiguration enables an attacker to establish a reverse shell, exfiltrate sensitive secrets, including the highly-privileged GITHUB_TOKEN, and ultimately gain full control over the repository. This is fixed in version 0.23.0a9.
AI Analysis
Technical Summary
CVE-2025-54415 is a critical OS command injection vulnerability (CWE-78) affecting the dag-factory library, a tool used with Apache Airflow to declaratively construct Directed Acyclic Graphs (DAGs) via configuration files. The vulnerability exists in versions prior to 0.23.0a9, specifically in the cicd.yml GitHub Actions workflow within the astronomer/dag-factory repository. When this workflow is triggered by a pull_request_target event, it allows an attacker to inject and execute arbitrary OS commands within the GitHub Actions runner environment. This is due to improper neutralization of special elements in the workflow configuration, enabling command injection. Exploitation does not require authentication or user interaction, making it highly accessible to attackers who can submit pull requests. Successful exploitation can lead to establishing a reverse shell on the runner, exfiltration of sensitive secrets including the GITHUB_TOKEN, and full control over the repository. The GITHUB_TOKEN is a highly privileged token that can be used to perform actions on behalf of the repository, such as modifying code, pushing malicious commits, or accessing confidential data. The vulnerability has a CVSS 4.0 score of 9.1 (critical), reflecting its high impact on confidentiality, integrity, and availability, ease of exploitation, and broad scope. The issue was fixed in version 0.23.0a9 of dag-factory. No known exploits are currently reported in the wild, but the severity and ease of exploitation make this a significant threat to organizations using this library in their CI/CD pipelines.
Potential Impact
For European organizations utilizing Apache Airflow with the dag-factory library, this vulnerability poses a severe risk to their software development lifecycle and code integrity. Exploitation could allow attackers to compromise CI/CD pipelines, inject malicious code into production workflows, and exfiltrate sensitive credentials or proprietary code. This could lead to supply chain attacks, data breaches, and disruption of critical business processes. Given the widespread adoption of Apache Airflow in data engineering and workflow orchestration across industries such as finance, healthcare, and manufacturing in Europe, the impact could be substantial. Additionally, compromised repositories could be used as a foothold for further attacks within the organization's network. The exposure of the GITHUB_TOKEN increases the risk of lateral movement and privilege escalation. Regulatory compliance frameworks in Europe, such as GDPR, may also be implicated if personal data is accessed or leaked due to this vulnerability, leading to legal and financial consequences.
Mitigation Recommendations
European organizations should immediately upgrade dag-factory to version 0.23.0a9 or later to remediate the vulnerability. Additionally, organizations should audit their GitHub Actions workflows to avoid using pull_request_target triggers in contexts where untrusted code can be executed. Implement strict branch protection rules and require code reviews before merging pull requests to reduce the risk of malicious contributions. Limit the permissions granted to GITHUB_TOKEN by using fine-grained tokens or GitHub App tokens with minimal scopes. Employ secrets scanning and monitoring to detect unauthorized access or exfiltration attempts. Consider isolating CI/CD runners in restricted environments with minimal network access to limit the impact of potential compromise. Regularly review and rotate secrets used in workflows. Finally, conduct security awareness training for developers on secure CI/CD practices and the risks of third-party dependencies.
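One way to carry out the workflow audit recommended above, as an added example (not part of the advisory and not the dag-factory project's code): a heuristic line scan that flags `pull_request_target` workflows which check out the pull-request head or expand pull-request fields into a `run` script. The function name, finding strings and both sample workflows are constructed for illustration; the page does not state which pattern the affected cicd.yml contained.

```python
import re

# Contexts a pull-request author controls (common subset, not exhaustive).
UNTRUSTED = re.compile(r"\$\{\{[^}]*github\.(?:head_ref|event\.pull_request\."
                       r"(?:title|body|head\.))[^}]*\}\}")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
REF_KEY = re.compile(r"^\s*ref:\s*(.*)$")

def audit_workflow(text):
    """Heuristic line scan of one workflow file; returns (line_no, finding) pairs."""
    if "pull_request_target" not in text:
        return []  # not the privileged trigger this audit targets
    findings, run_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        if run_col is not None and body and len(line) - len(body) <= run_col:
            run_col = None  # dedent: the run: script has ended
        if run_col is not None:
            script = line  # a line of a multi-line run: script
        elif m := RUN_KEY.match(line):
            run_col, script = len(m.group(1)) + len(m.group(2) or ""), m.group(3)
        else:
            script, ref = "", REF_KEY.match(line)
            if ref and UNTRUSTED.search(ref.group(1)):
                findings.append((no, "checks out pull-request head"))
        if UNTRUSTED.search(script):
            findings.append((no, "untrusted expression in run script"))
    return findings

# Constructed samples (not the dag-factory workflow): risky, then hardened.
VULNERABLE = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Checking ${{ github.head_ref }}"
"""
HARDENED = """\
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - env: {BRANCH: "${{ github.head_ref }}"}
        run: echo "Checking $BRANCH"
"""
```

Run it over each file in `.github/workflows`; an empty result from a line scan is a starting point for review, not proof that a `pull_request_target` workflow is safe.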
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-21T23:18:10.280Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68844fe2ad5a09ad005a5aef
Added to database: 7/26/2025, 3:47:46 AM
Last enriched: 8/3/2025, 1:07:10 AM
Last updated: 9/7/2025, 9:22:20 PM