CVE-2025-50465 | THREATINT

Description

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-08 | Updated 2025-08-08 | Assigner mitre

HIGH: 7.1CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:U/UI:N

References

github.com/.../openmetadata/service/jdbi3/CollectionDAO.java

gist.github.com/javadk/c23cc3276f3fb5587b0f4345d7a71a7f

cve.org (CVE-2025-50465)

nvd.nist.gov (CVE-2025-50465)

Download JSON

help @ threatint.eu