CVE-2025-54415 is a critical OS command injection vulnerability (CWE-78) affecting the dag-factory library, a tool used with Apache Airflow to declaratively construct DAGs via configuration files. The vulnerability exists in versions prior to 0.23.0a9, specifically in the cicd.yml GitHub Actions workflow within the astronomer/dag-factory repository. When this workflow is triggered by the pull_request_target event, it allows an attacker to execute arbitrary code within the GitHub Actions runner environment. This is due to improper neutralization of special elements in OS commands, enabling command injection. Exploitation can lead to establishing a reverse shell, exfiltration of sensitive secrets such as the GITHUB_TOKEN, and full repository control. The GITHUB_TOKEN typically has high privileges, including the ability to push code, manage workflows, and access repository secrets, making this vulnerability particularly severe. The vulnerability does not require authentication or user interaction and can be triggered remotely by submitting a crafted pull request. Although no known exploits are currently reported in the wild, the high CVSS 4.0 score of 9.1 reflects the ease of exploitation and the extensive impact on confidentiality, integrity, and availability. The flaw is fixed in version 0.23.0a9 of dag-factory.

For European organizations using Apache Airflow with the dag-factory library, this vulnerability poses a significant risk. Attackers can gain unauthorized access to CI/CD pipelines, potentially injecting malicious code into production workflows. This can lead to data breaches, unauthorized code deployment, and disruption of critical business processes. The exposure of the GITHUB_TOKEN can compromise not only the repository but also any integrated services relying on GitHub authentication. Given the widespread adoption of Apache Airflow in data engineering and automation across industries such as finance, healthcare, and manufacturing in Europe, exploitation could result in severe operational and reputational damage. Furthermore, the ability to execute arbitrary commands on GitHub runners can be leveraged to pivot attacks into internal networks, increasing the threat surface. Compliance with GDPR and other data protection regulations may be jeopardized if sensitive data is exfiltrated or manipulated.

European organizations should immediately upgrade dag-factory to version 0.23.0a9 or later to remediate this vulnerability. Additionally, organizations should audit their GitHub Actions workflows to avoid using pull_request_target triggers with untrusted contributors or external pull requests, as this event type executes workflows with elevated privileges. Implementing strict branch protection rules and limiting who can trigger workflows can reduce risk. Secrets such as GITHUB_TOKEN should be scoped with the least privilege necessary and rotated regularly. Monitoring GitHub Actions logs for unusual activity and enabling security alerts can help detect exploitation attempts early. Organizations should also consider isolating CI/CD environments and restricting network access from GitHub runners to internal resources. Finally, educating developers and DevOps teams about secure workflow configurations and the risks of command injection is critical to prevent similar issues.