CVE-2025-5874 | Redash up to 10.1.0/25.1.0 getattr /query_runner/python.py run_query sandbox

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue.

The identification of this vulnerability is CVE-2025-5874. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More