
CVE-2025-65995: CWE-209 Generation of Error Message Containing Sensitive Information in Apache Software Foundation Apache Airflow

Severity: High
Tags: Vulnerability, CVE-2025-65995, CWE-209
Published: Sat Feb 21 2026 (02/21/2026, 02:14:25 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache Airflow

Description

CVE-2025-65995 is a vulnerability in Apache Airflow where error messages generated during DAG parsing failures may expose sensitive information contained in operator kwargs. Specifically, if a DAG fails to parse, the UI error reporting can display the full kwargs passed to operators, potentially revealing secrets or confidential data to any authenticated user with permission to view that DAG. This issue affects Apache Airflow versions prior to 3.1.4 and 2.11.1; those versions fix the vulnerability. Exploitation requires authentication and permission to view the affected DAG, which limits exposure to authorized users but still poses a significant risk of sensitive data leakage. Organizations using vulnerable Airflow versions should upgrade immediately to prevent unintended disclosure of secrets. The severity is assessed as high because of the confidentiality impact and the ease of exposure through normal UI error reporting.

AI-Powered Analysis

Last updated: 02/21/2026, 03:31:32 UTC

Technical Analysis

CVE-2025-65995 is a security vulnerability classified under CWE-209, generation of error messages containing sensitive information. In Apache Airflow, a popular open-source workflow orchestration platform, this vulnerability arises when a Directed Acyclic Graph (DAG) fails during parsing. Under these failure conditions, Airflow's error-reporting mechanism in the UI can inadvertently include the full keyword arguments (kwargs) passed to the operators within the DAG. These kwargs may contain sensitive data such as passwords, API keys, tokens, or other secrets. Because the error traceback is displayed in the Airflow UI, any authenticated user with permission to view the affected DAG can access this sensitive information. The vulnerability affects Apache Airflow versions prior to 3.1.4 and 2.11.1; those versions contain the fix. The flaw cannot be exploited by unauthenticated users, since it depends on legitimate access to the Airflow UI and on DAG viewing permissions. There are no known exploits in the wild at this time. The vulnerability was reserved in November 2025 and published in February 2026. No CVSS score has been assigned, but the nature of the flaw indicates a significant confidentiality risk due to exposure of secrets through error messages. The issue is particularly critical in environments where Airflow orchestrates workflows involving sensitive credentials or data pipelines. The fix sanitizes error messages so that sensitive kwargs are not included in UI tracebacks.

Potential Impact

The primary impact of CVE-2025-65995 is the potential unauthorized disclosure of sensitive information such as secrets, credentials, or tokens embedded in operator kwargs. This leakage occurs through error messages displayed in the Airflow UI when DAG parsing fails. Although exploitation requires authenticated access with DAG viewing permissions, exposure of secrets can lead to further compromise of systems and unauthorized access to cloud resources, databases, or other integrated services. Organizations relying on Airflow for critical data workflows or cloud orchestration may face increased risk of data breaches, lateral movement, or privilege escalation if secrets are leaked. The vulnerability undermines confidentiality and could indirectly affect integrity and availability if attackers leverage leaked credentials to disrupt workflows or infrastructure. Given Airflow's widespread adoption in enterprises, cloud providers, and data-centric organizations, the scope of affected systems is broad. The absence of known exploits suggests limited active attacks currently, but the risk remains high if the vulnerability is not remediated. This issue also raises compliance concerns for organizations subject to data protection regulations that require safeguarding of sensitive information.

Mitigation Recommendations

To mitigate CVE-2025-65995, organizations should immediately upgrade Apache Airflow to version 3.1.4 or 2.11.1 (or later), where the vulnerability has been fixed. Until upgrades can be applied, administrators should restrict access to the Airflow UI and DAGs to trusted and necessary personnel only, minimizing the number of users who can view DAGs and their error messages. Review and audit DAG definitions to avoid embedding sensitive information directly in operator kwargs; instead, use secure secret management solutions integrated with Airflow, such as HashiCorp Vault or cloud provider secret managers. Implement strict role-based access control (RBAC) policies to limit DAG viewing permissions. Additionally, monitor Airflow logs and UI error messages for unusual access patterns or attempts to trigger DAG parsing failures. Consider disabling detailed error tracebacks in the UI if possible, or customizing error handling to sanitize outputs. Regularly review and rotate secrets used within Airflow workflows to reduce the impact of any potential exposure. Finally, maintain an up-to-date inventory of Airflow deployments and ensure timely application of security patches.
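As an added example (not part of this advisory or of Airflow's own code), a small static audit in the spirit of the "review and audit DAG definitions" recommendation above: it parses a DAG file with Python's ast module and flags operator keyword arguments whose name looks sensitive and whose value is a string literal, the kind of value a parse-failure traceback that prints kwargs would expose. The key list, the sample DAG and the MyApiOperator class are constructed for the example; values fetched at runtime through Variable.get() are calls, not literals, and are deliberately not flagged.

```python
import ast

# Constructed list of kwarg names that commonly carry secrets; extend as needed.
SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "api_key",
                  "apikey", "access_key", "private_key", "authorization")

# Constructed sample DAG source (MyApiOperator is hypothetical; the audit never imports Airflow).
SAMPLE_DAG = '''
from airflow import DAG
from airflow.models import Variable
from airflow.operators.bash import BashOperator
from my_company.operators import MyApiOperator

with DAG("example") as dag:
    dump = BashOperator(
        task_id="dump",
        bash_command="pg_dump mydb > /tmp/out.sql",
        env={"PGPASSWORD": "hunter2"},   # literal secret inside a dict kwarg
    )
    call = MyApiOperator(task_id="call", api_key="AKIA-CONSTRUCTED-EXAMPLE")
    safe = MyApiOperator(task_id="safe", api_key=Variable.get("api_key"), retries=3)
'''

def _is_str(node) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def _looks_sensitive(name: str) -> bool:
    return any(s in name.lower() for s in SENSITIVE_KEYS)

def find_hardcoded_secret_kwargs(source: str) -> list[tuple[int, str, str]]:
    """Return (line, callee, kwarg path) for keyword arguments whose name looks
    sensitive and whose value is a string literal. Values fetched at runtime
    (Variable.get, Connections, a secrets backend) are calls, not literals,
    so they are not reported."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        callee = node.func.attr if isinstance(node.func, ast.Attribute) else getattr(node.func, "id", "<call>")
        for kw in node.keywords:
            if kw.arg is None:            # **expansion: cannot inspect statically
                continue
            if _looks_sensitive(kw.arg) and _is_str(kw.value):
                findings.append((kw.value.lineno, callee, kw.arg))
            elif isinstance(kw.value, ast.Dict):          # e.g. env={"PGPASSWORD": ...}
                for k, v in zip(kw.value.keys, kw.value.values):
                    if _is_str(k) and _is_str(v) and _looks_sensitive(k.value):
                        findings.append((k.lineno, callee, f"{kw.arg}[{k.value!r}]"))
    return sorted(findings)
```

Run it over every file in the DAGs folder as a pre-commit or CI step; each finding is a secret that belongs in a Connection, Variable or secrets backend rather than in the DAG source.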


Technical Details

Data Version: 5.2
Assigner Short Name: apache
Date Reserved: 2025-11-18T21:39:26.985Z
CVSS Version: null
State: PUBLISHED

Threat ID: 699923b9be58cf853b17289f

Added to database: 2/21/2026, 3:17:13 AM

Last enriched: 2/21/2026, 3:31:32 AM

Last updated: 2/21/2026, 5:22:45 AM

Views: 6
