
6 matches found

RedhatCVE
added 2025/06/11 11:11 a.m., 3 views

CVE-2025-5874

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The...

CVSS 4.6, AI score 4.9, EPSS 0.00082
Exploits: 0, References: 1
NVD
added 2025/06/09 11:15 a.m., 9 views

CVE-2025-5874

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The...

CVSS 4.6, EPSS 0.00082
Exploits: 0, References: 5
Cvelist
added 2025/06/09 11:0 a.m., 14 views

CVE-2025-5874 Redash getattr python.py run_query sandbox

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The...

CVSS 4.6, EPSS 0.00082
Exploits: 0, References: 5
Vulnrichment
added 2025/06/09 11:0 a.m., 3 views

CVE-2025-5874 Redash getattr python.py run_query sandbox

A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The...

CVSS 4.6, AI score 5.1, EPSS 0.00082
Exploits: 0, References: 5
CVE
added 2025/06/09 11:0 a.m., 49 views

CVE-2025-5874

CVE-2025-5874 affects Redash, up to versions 10.1.0/25.1.0, via the getattr Handler’s run_query function in /query_runner/python.py, causing a sandbox issue. The exploitability is reported as high complexity with public PoC evidence; exploitation maturity is noted as proof-of-concept. The vendor ...

CVSS 4.6, AI score 5.1, EPSS 0.00082
Exploits: 0, References: 5
Github Security Blog
added 2024/09/16 2:37 p.m., 14 views

D-Tale Command Execution Vulnerability

D-Tale is the combination of a Flask back-end and a React front-end to bring you an easy way to view & analyze Pandas data structures. In dtale\views.py, under the route @dtale.route"/chart-data/", the query parameters from the request are directly passed into run_query for execution. And...

CVSS 9.8, AI score 7.4, EPSS 0.01574
Exploits: 1, References: 7, Affected Software: 1