CVE-2025-50465

7.1 HIGH

📋 TL;DR

OpenMetadata versions up to 1.4.4 contain a SQL injection vulnerability in the TestDefinitionDAO interface. Attackers can exploit the testPlatform parameter of the listCount function to execute arbitrary SQL queries and extract sensitive data from the database. This affects all deployments running vulnerable OpenMetadata versions.

💻 Affected Systems

Products:
  • OpenMetadata
Versions: <= 1.4.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using vulnerable versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data exfiltration, data manipulation, or potential privilege escalation to underlying systems.

🟠 Likely Case: Unauthorized data extraction from the OpenMetadata database, including sensitive metadata, user information, or configuration data.

🟢 If Mitigated: Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Proof of concept available in public gist. Exploitation requires access to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 1.4.4

Vendor Advisory: https://github.com/open-metadata/OpenMetadata/security/advisories

Restart Required: Yes

Instructions:

1. Upgrade OpenMetadata to version 1.4.5 or later.
2. Restart the OpenMetadata service.
3. Verify the fix by checking the version and testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement web application firewall or proxy rules that filter SQL injection patterns in the testPlatform parameter.

Database Permission Restriction (all)

Limit the application's database account to read-only permissions.

🧯 If You Can't Patch

  • Implement strict input validation for the testPlatform parameter at the application layer
  • Restrict network access to OpenMetadata endpoints to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check the OpenMetadata version. If it is <= 1.4.4, examine CollectionDAO.java lines 3515-3517 for the vulnerable SQL construction.

Check Version:

Check the OpenMetadata UI or configuration files for the version information.

Verify Fix Applied:

Verify that the OpenMetadata version is > 1.4.4 and check that parameterized queries are used in the TestDefinitionDAO interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by SQL errors
  • Requests with SQL syntax in testPlatform parameter

Network Indicators:

  • Unusual database connection patterns from application server
  • Large data transfers from database

SIEM Query:

source="openmetadata" AND (testPlatform CONTAINS "UNION" OR testPlatform CONTAINS "SELECT" OR testPlatform CONTAINS "--")
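The SIEM query above matches raw substrings, so a URL-encoded or mixed-case value slips past it. As an added example (not from this page or the OpenMetadata project), the Python script below applies the same three indicators to the URL-decoded testPlatform value of constructed access-log lines, and additionally flags any value outside an assumed allowlist of legitimate platforms. The endpoint path and the platform names are assumptions; adjust them to your deployment.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Indicator substrings from the SIEM query, matched case-insensitively on the
# decoded value instead of on the raw request line.
INDICATOR_RE = re.compile(r"\bunion\b|\bselect\b|--", re.IGNORECASE)

# Assumed allowlist of legitimate testPlatform values (adjust to your deployment).
KNOWN_PLATFORMS = {"OpenMetadata", "GreatExpectations", "DBT", "Deequ", "Soda", "Other"}

# Common-log-style line: client IP first, request target inside the quoted method line.
REQUEST_RE = re.compile(r'^(\S+) .*"(?:GET|POST|PUT|DELETE) (\S+) HTTP/')

# Constructed sample lines; the endpoint path is an assumption, not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /api/v1/dataQuality/testDefinitions?testPlatform=Deequ&limit=10 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /api/v1/dataQuality/testDefinitions?testPlatform=Deequ%27%20UNION%20SELECT%201--%20 HTTP/1.1" 200 9031
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /api/v1/dataQuality/testDefinitions?testPlatform=Deequ%2527%2520uNiOn%2520sElEcT%25201 HTTP/1.1" 500 88
10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /api/v1/dataQuality/testDefinitions?testPlatform=Unsupported HTTP/1.1" 400 60
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /api/v1/tables?limit=10 HTTP/1.1" 200 2048
"""

def parse_request(line):
    """Return (client_ip, [decoded testPlatform values]) or None for non-request lines."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, target = m.groups()
    # parse_qs decodes once; decoding a second time catches double-encoded
    # payloads (%2527 -> %27 -> ') that a single-pass substring check misses.
    raw_values = parse_qs(urlsplit(target).query).get("testPlatform", [])
    return ip, [unquote_plus(v) for v in raw_values]

def classify(value):
    """Return why a testPlatform value is suspicious, or None if it looks legitimate."""
    if INDICATOR_RE.search(value):
        return "sql-indicator"
    if value not in KNOWN_PLATFORMS:
        return "unknown-platform"
    return None

def scan_log(text):
    """Return [(line_no, client_ip, decoded_value, reason)] for every flagged value."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parsed = parse_request(line)
        if parsed is None:
            continue
        ip, values = parsed
        for value in values:
            reason = classify(value)
            if reason:
                hits.append((line_no, ip, value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The third sample line shows why decoding matters: its double-encoded, mixed-case value contains none of the raw substrings the SIEM query looks for, yet decodes to the same pattern as the second line.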

🔗 References
