CVE-2025-5874 | THREATINT

Description

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Eine Schwachstelle wurde in Redash bis 10.1.0/25.1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion run_query der Datei /query_runner/python.py der Komponente getattr Handler. Durch die Manipulation mit unbekannten Daten kann eine sandbox issue-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-06-08 | Published 2025-06-09 | Updated 2025-06-09 | Assigner VulDB

MEDIUM: 5.1CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 5.5CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

MEDIUM: 5.5CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

5.2AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Sandbox Issue

Improper Access Controls

Timeline

2025-06-08:	Advisory disclosed
2025-06-08:	VulDB entry created
2025-06-08:	VulDB entry last update

Credits

Jiacheng Zhong finder

Zhengyu Liu finder

Gavin Zhong (VulDB User) reporter

Gavin Zhong (VulDB User) analyst

References

vuldb.com/?id.311633 (VDB-311633 | Redash getattr python.py run_query sandbox) vdb-entry technical-description

vuldb.com/?ctiid.311633 (VDB-311633 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.580255 (Submit #580255 | redash <25.1.0 Sandbox Issue) third-party-advisory

gist.github.com/...rboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894 related

gist.github.com/...rboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894 exploit

cve.org (CVE-2025-5874)

nvd.nist.gov (CVE-2025-5874)

Download JSON