All 6 CVE vulnerabilities found in Red Hat Ansible Automation Platform 2.5 for RHEL 8, with AI-generated Chinese analysis, references, and POCs.
Vendor: Red Hat
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-9909 | Aap-gateway: improper path validation in gateway allows credential exfiltration | CWE-647 | 6.7 | Medium | 2026-02-27 |
| CVE-2025-9908 | Event-driven-ansible: sensitive internal headers disclosure in AAP EDA event streams | CWE-200 | 6.7 | Medium | 2026-02-27 |
| CVE-2025-9907 | Event-driven-ansible: event stream test mode exposes sensitive headers in AAP EDA | CWE-200 | 6.7 | Medium | 2026-02-27 |
| CVE-2025-14025 | Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (PAT) bypasses write restrictions | CWE-279 | 8.5 | High | 2026-01-08 |
| CVE-2025-49520 | Event-driven-ansible: authenticated argument injection in Git URL in EDA project creation | CWE-88 | 8.8 | High | 2025-06-30 |
| CVE-2025-49521 | Event-driven-ansible: template injection via Git branch and refspec in EDA projects | CWE-94 | 8.8 | High | 2025-06-30 |