8.5

CVE-2025-14025

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker's capabilities would only be limited by role-based access controls (RBAC).
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 8
Default status: affected
Version: < *
Version: 0:2.5.20260106-1.el8ap
Status: unaffected

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 9
Default status: affected
Version: < *
Version: 0:2.5.20260106-1.el9ap
Status: unaffected

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6 for RHEL 9
Default status: affected
Version: < *
Version: 0:2.6.20260106-1.el9ap
Status: unaffected

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5
Default status: affected
Version: < *
Version: sha256:2df290b61d7aac08deec2973d0a9b98788f6b619e974af0b3f4b61c759c7e464
Status: unaffected

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6
Default status: affected
Version: < *
Version: sha256:766c7570afc4e9b163a3256a0d7c699327905c1d24213229acb0b96a9e65b615
Status: unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type: EPSS
Source: FIRST.org
Score: 0.07%
Percentile: 0.205

CVSS metrics
Source: secalert@redhat.com
Base Score: 8.5
Exploit Score: 1.8
Impact Score: 6
Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-279 Incorrect Execution-Assigned Permissions

While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.