CVE-2025-67895

Apache · Apache Airflow Providers Edge3

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-67895, exists within a development-only component of Apache Airflow.

Executive summary

The flaw resides in the unreleased Edge3 provider for Airflow 2, which exposes an insecure API that lets authenticated users with DAG-authoring permissions execute arbitrary code on the underlying webserver. Successful exploitation could lead to complete compromise of the Airflow instance, enabling data theft, lateral movement, and disruption of data processing workflows.

Vulnerability

The vulnerability stems from an insecure, non-public API that is enabled implicitly when the development-only Edge3 provider is installed on an Apache Airflow 2 instance. This API contains an Edge3 Worker RPC (Remote Procedure Call) function that lacks proper authorization checks. An attacker with permission to author Airflow DAGs can craft a malicious DAG that calls this RPC function, passing arbitrary commands that are then executed with the permissions of the Airflow webserver process, resulting in remote code execution.

Business impact

This vulnerability is rated critical, with a CVSS score of 9.8, reflecting the high potential for significant damage. A successful exploit grants an attacker complete control over the Airflow webserver, which can lead to severe consequences: theft of the credentials and data stored in Airflow connections, unauthorized access to connected data sources, and manipulation or disruption of critical business data pipelines. A compromised webserver can also serve as a pivot point for lateral movement within the corporate network, widening the scope and impact of the breach.

Remediation

Immediate Action: Identify all Apache Airflow 2 instances with the Edge3 provider installed. The primary remediation is to uninstall the affected provider and migrate to a supported configuration, such as Airflow 3. If migration is not immediately possible, ensure the Edge3 provider is updated to version 2.0.0 or later: these versions have the vulnerable code removed and are not compatible with Airflow 2, so they cannot be installed alongside it. After remediation, monitor for any signs of post-exploitation activity and review historical access logs for indicators of compromise.
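One way to carry out the identification step is to query each Airflow host's Python environment for the two packages and apply the version rule the advisory gives (Airflow 2.x together with an Edge3 provider older than 2.0.0). The script below is an added example written for this advisory, not code from the Airflow project; the PyPI distribution names `apache-airflow` and `apache-airflow-providers-edge3` and the `check_host()` helper are assumptions of the example, so confirm the names against `pip list` on your hosts before trusting its result.

```python
"""Exposure check for CVE-2025-67895 (added example, not from the advisory or Airflow).

Flags an Airflow 2 environment that carries an Edge3 provider older than 2.0.0,
the vulnerable combination the advisory describes. The distribution names below
are assumptions of this example; verify them with `pip show` in your environment.
"""
from importlib import metadata
from typing import Optional, Tuple

# Assumed distribution names (check against `pip list` in your environment).
AIRFLOW_DIST = "apache-airflow"
EDGE3_DIST = "apache-airflow-providers-edge3"
EDGE3_FIXED = (2, 0, 0)  # advisory: 2.0.0 and later have the vulnerable code removed


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.10.4' or '1.0.0rc1' into a comparable tuple of leading integers.

    Pre-release suffixes (rc1, dev0) are ignored; only the numeric prefix counts.
    """
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts) or (0,)


def is_vulnerable(airflow_version: str, edge3_version: Optional[str]) -> bool:
    """Vulnerable = Airflow 2.x with an Edge3 provider installed below 2.0.0.

    No Edge3 provider at all means the insecure API is not present.
    """
    if edge3_version is None:
        return False
    if parse_version(airflow_version)[0] != 2:
        return False
    return parse_version(edge3_version) < EDGE3_FIXED


def installed_version(dist_name: str) -> Optional[str]:
    """Return the installed version of a distribution, or None if it is absent."""
    try:
        return metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None


def check_host() -> dict:
    """Inspect the current Python environment and report the finding."""
    airflow = installed_version(AIRFLOW_DIST)
    edge3 = installed_version(EDGE3_DIST)
    return {
        "airflow": airflow,
        "edge3": edge3,
        "vulnerable": bool(airflow) and is_vulnerable(airflow, edge3),
    }


if __name__ == "__main__":
    # Run with the same interpreter that serves the Airflow webserver,
    # otherwise a separate virtualenv would hide the installed provider.
    print(check_host())
```

Run it under the interpreter that actually serves the webserver; a check run from a different virtualenv will not see the provider and reports a false negative.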

Proactive Monitoring: Monitor Airflow webserver logs for unusual or unexpected API requests, particularly those related to RPC calls or the Edge3 provider. System administrators should also monitor for unexpected processes being spawned by the Airflow webserver user account. Implement file integrity monitoring on DAG directories to detect the introduction of malicious code.
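The file-integrity monitoring mentioned above can be as simple as a hashed baseline of the DAG folder that a scheduled job re-checks and alerts on. The script below is an added example, not part of the advisory or the Airflow project; the `snapshot()`, `diff_snapshots()` and `check()` helpers are this example's own, and the DAG folder and baseline paths are supplied by you (use whatever directory your deployment serves DAGs from, and keep the baseline somewhere the webserver user cannot write).

```python
"""DAG-folder integrity baseline (added example, not from the advisory or Airflow).

Takes a SHA-256 snapshot of every .py file under the DAG folder, stores it as
JSON, and on later runs reports files that were added, modified or removed.
Any non-empty report from a scheduled run is a candidate alert: a DAG that
changed outside the approved review process.
"""
import hashlib
import json
from pathlib import Path
from typing import Dict, List, Tuple


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(dag_folder: str, suffixes: Tuple[str, ...] = (".py",)) -> Dict[str, str]:
    """Map each DAG file (path relative to the folder) to its content hash."""
    root = Path(dag_folder)
    return {
        str(path.relative_to(root)): hash_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file() and path.suffix in suffixes
    }


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every difference between the stored baseline and a fresh snapshot."""
    return {
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
    }


def save_baseline(snap: Dict[str, str], baseline_path: str) -> None:
    Path(baseline_path).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(baseline_path: str) -> Dict[str, str]:
    return json.loads(Path(baseline_path).read_text())


def check(dag_folder: str, baseline_path: str) -> Dict[str, List[str]]:
    """Compare the folder against the stored baseline; create the baseline on first run."""
    current = snapshot(dag_folder)
    if not Path(baseline_path).exists():
        save_baseline(current, baseline_path)
        return {"added": [], "removed": [], "modified": []}
    return diff_snapshots(load_baseline(baseline_path), current)


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: dag_fim.py <dags_folder> <baseline.json>")
    report = check(sys.argv[1], sys.argv[2])
    print(json.dumps(report, indent=2))
    # Non-zero exit lets a cron job or monitoring agent raise the alert.
    sys.exit(1 if any(report.values()) else 0)
```

After a reviewed DAG deployment, regenerate the baseline so the next run compares against the approved state; otherwise every legitimate change keeps alerting.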

Compensating Controls: If patching or uninstallation is not immediately feasible, implement the following controls:

  • Restrict network access to the Airflow web UI and API to only trusted IP addresses.
  • Implement a Web Application Firewall (WAF) with rules to inspect and block malicious API calls.
  • Enforce a strict code review and approval process for all new or modified DAGs to prevent the introduction of exploit code.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical severity (CVSS 9.8) of this vulnerability, we strongly recommend immediate action. Organizations must prioritize the identification of any Airflow 2 environments running the affected Edge3 provider. The recommended remediation path of uninstalling the provider and migrating to a supported Airflow version should be executed without delay. Although this CVE is not currently listed on the CISA KEV catalog, its critical nature makes it a prime candidate for future inclusion and a top priority for remediation to prevent a full system compromise.