{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5874", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-08T17:53:18.632Z", "datePublished": "2025-06-09T11:00:14.520Z", "dateUpdated": "2025-06-09T15:51:34.307Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-09T11:00:14.520Z"}, "title": "Redash getattr python.py run_query sandbox", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-265", "lang": "en", "description": "Sandbox Issue"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-264", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "n/a", "product": "Redash", "versions": [{"version": "10.0", "status": "affected"}, {"version": "10.1.0", "status": "affected"}, {"version": "25.0", "status": "affected"}, {"version": "25.1.0", "status": "affected"}], "modules": ["getattr Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Redash bis 10.1.0/25.1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion run_query der Datei /query_runner/python.py der Komponente getattr Handler. Durch die Manipulation mit unbekannten Daten kann eine sandbox issue-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-08T22:17:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jiacheng Zhong", "type": "finder"}, {"lang": "en", "value": "Zhengyu Liu", "type": "finder"}, {"lang": "en", "value": "Gavin Zhong (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "Gavin Zhong (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.311633", "name": "VDB-311633 | Redash getattr python.py run_query sandbox", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.311633", "name": "VDB-311633 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.580255", "name": "Submit #580255 | redash <25.1.0 Sandbox Issue", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894", "tags": ["related"]}, {"url": "https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894#proof-of-concept", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T15:47:05.624437Z", "id": "CVE-2025-5874", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:51:34.307Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5874", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T15:47:05.624437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:51:29.484Z"}}], "cna": {"title": "Redash getattr python.py run_query sandbox", "credits": [{"lang": "en", "type": "finder", "value": "Jiacheng Zhong"}, {"lang": "en", "type": "finder", "value": "Zhengyu Liu"}, {"lang": "en", "type": "reporter", "value": "Gavin Zhong (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "Gavin Zhong (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.2, "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "modules": ["getattr Handler"], "product": "Redash", "versions": [{"status": "affected", "version": "10.0"}, {"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "25.0"}, {"status": "affected", "version": "25.1.0"}]}], "timeline": [{"lang": "en", "time": "2025-06-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-08T22:17:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.311633", "name": "VDB-311633 | Redash getattr python.py run_query sandbox", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.311633", "name": "VDB-311633 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.580255", "name": "Submit #580255 | redash <25.1.0 Sandbox Issue", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894", "tags": ["related"]}, {"url": "https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894#proof-of-concept", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Redash bis 10.1.0/25.1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion run_query der Datei /query_runner/python.py der Komponente getattr Handler. Durch die Manipulation mit unbekannten Daten kann eine sandbox issue-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-265", "description": "Sandbox Issue"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-264", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-09T11:00:14.520Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5874", "state": "PUBLISHED", "dateUpdated": "2025-06-09T15:51:34.307Z", "dateReserved": "2025-06-08T17:53:18.632Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-09T11:00:14.520Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-5874", "lastModified": "2025-06-09T12:15:47.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-09T11:15:22.440", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894"}, {"source": "cna@vuldb.com", "url": "https://gist.github.com/superboy-zjc/1f89d375e2408ed843dc2cf0bb1bb894#proof-of-concept"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.311633"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.311633"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.580255"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "CWE-265"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}