CVE-2025-54941 is an OS command injection vulnerability classified under CWE-78 affecting Apache Airflow version 3.0.0. The vulnerability is located in the example DAG named `example_dag_decorator`, which contains a parameter that is not properly validated or sanitized. This flaw allows an authenticated user with access to the Airflow UI to manipulate the parameter to redirect the DAG execution flow to a malicious server. Consequently, this can lead to arbitrary code execution on the Airflow worker nodes, compromising the integrity and confidentiality of the system. However, exploitation is conditional: it requires that example DAGs are enabled in production (which is not the default setting) or that the vulnerable example DAG code has been copied and modified to build a similar DAG. The vulnerability has a CVSS v3.1 score of 4.6, reflecting a medium severity level with network attack vector, low attack complexity, privileges required, and user interaction needed. The impact primarily affects confidentiality and integrity, with no direct impact on availability. No public exploits have been reported to date. The Apache Software Foundation has addressed this issue in Airflow version 3.0.5, recommending users to review and update any usage of the `example_dag_decorator` accordingly.

The vulnerability allows an authenticated user with UI access to execute arbitrary code on Airflow worker nodes, potentially leading to unauthorized access to sensitive data, manipulation of workflow executions, and lateral movement within the affected environment. Organizations running Airflow 3.0.0 with example DAGs enabled in production or using copied vulnerable DAG code are at risk. This can compromise the confidentiality and integrity of data processed by Airflow workflows. Although the attack complexity is low, exploitation requires user interaction and privileges, limiting the scope somewhat. The absence of known exploits reduces immediate risk, but the potential for damage in environments where Airflow orchestrates critical data pipelines or business processes is significant. Misuse could lead to data breaches, workflow sabotage, or further compromise of internal systems.

To mitigate this vulnerability, organizations should immediately upgrade Apache Airflow to version 3.0.5 or later, where the issue is fixed. Review all DAGs derived from or similar to `example_dag_decorator` for unsafe parameter handling and apply the recommended code changes from the official Airflow release notes. Disable example DAGs in production environments if they are enabled, as they are not intended for production use and pose security risks. Implement strict access controls on the Airflow UI to limit authenticated user privileges, minimizing the risk of exploitation. Additionally, monitor Airflow worker nodes for unusual activity or unauthorized command execution. Employ network segmentation to restrict Airflow worker communications to trusted servers only. Finally, conduct regular security audits and code reviews of custom DAGs to ensure no similar injection vulnerabilities exist.