CVE-2025-68675

Severity CVSS v4.0:

Pending analysis

Type:

CWE-532 Information Exposure Through Log Files

Publication date:

16/01/2026

Last modified:

16/01/2026

Description

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.<br /> <br /> Users are recommended to upgrade to 3.1.6 or later, which fixes this issue

Impact

References to Advisories, Solutions, and Tools

https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
http://www.openwall.com/lists/oss-security/2026/01/15/6