CVE-2025-50465

High CVSS 7.1

Overview

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

CWE: CWE-89 Published: 2025-08-08T17:15:28.753

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.1 (HIGH)
Detected tags: sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags