Apache Airflow 3.0.3 has been found vulnerable to a critical security flaw tracked as CVE-2025-54831, which undermines its intended protections for sensitive connection data. The issue arises because users with only READ permissions are able to access confidential details, such as database credentials, authentication tokens, and API keys. This flaw reverses the security improvements introduced in Airflow 3.0, which was designed to enforce a strict “write-only” model for sensitive connection fields, limiting visibility exclusively to users with editing rights.

The vulnerability directly impacts organizations that rely on Airflow’s access control mechanisms for safeguarding connection data. It bypasses the platform’s configuration setting, AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS, which was intended to mask sensitive information from unauthorized users. As a result, sensitive details are exposed both via the Airflow API (/api/v1/connections/{connection_id}) and the web interface, giving unintended access to users who should only have limited visibility. This exposure significantly raises the risk of credential theft and subsequent compromise of integrated systems.

Analysis by Apache security researchers traced the flaw to the faulty implementation of connection access control introduced in the 3.0 release. Unlike Airflow 2.x, where exposing connection details to editors was an accepted behavior, version 3.0 attempted to harden security but failed in 3.0.3 due to incorrect enforcement. The improper handling of connection permissions means that sensitive fields like passwords and connection strings are returned in clear text when queried, effectively neutralizing the platform’s security safeguards.

The issue is exclusive to Apache Airflow 3.0.3 and does not affect earlier 2.x versions. Apache has issued an urgent recommendation for all organizations running the vulnerable version to upgrade to Airflow 3.0.4 or later immediately. This patch restores proper enforcement of the write-only model and ensures that sensitive connection information is once again restricted to authorized users, preventing further security risks. Organizations should also review their access logs to identify potential misuse of exposed data during the vulnerable period.