Authorization Flaw in Ansible Automation Platform by Red Hat
CVE-2025-14025
What is CVE-2025-14025?
A security flaw has been identified in Ansible Automation Platform in how read-only scoped OAuth2 API tokens are handled. The read-only scope is enforced at the Gateway, but it is not honoured by the backend services behind it: a read-only token can perform write operations against Controller, Hub and EDA. An attacker holding such a token can create, modify or delete data and settings on those services, constrained only by the RBAC permissions of the token's owner and not by the token's scope. Because read-only tokens are typically issued where less trust is intended (integrations, dashboards, automation that only needs to read), a leaked or over-shared read-only token carries its owner's full write authority on the backends, and the blast-radius limit the scope was meant to provide does not apply there. After updating, a sensible check is to take a read-only scoped token and confirm that a write request to each backend API (Controller, Hub, EDA) is rejected, not only a write sent through the Gateway.
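The flaw described above is a classic edge-only authorization gap: the Gateway knows the token's scope, the services behind it authorise on RBAC alone. The following Python model is an added example written for this page, not Ansible Automation Platform code; the class names, the `/api/controller/` path and the user `alice` are hypothetical, and the exact request path by which the real bug is reached is not stated on this page. It shows a gateway that honours the read-only scope, a backend that only checks RBAC (the flawed behaviour), and the same backend with scope enforcement switched on (the hardened form), then probes both with a read-only token.

```python
"""Model of a read-only OAuth2 scope enforced at the gateway but not at backends.

Constructed example for illustration, not code from Ansible Automation Platform.
Names, paths and the RBAC table are hypothetical.
"""
from dataclasses import dataclass, field

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass(frozen=True)
class Token:
    user: str
    scope: str  # "read" or "write", mirroring a read-only vs write scoped token


@dataclass
class Request:
    method: str
    path: str
    token: Token


class Forbidden(Exception):
    """Raised when a component refuses the request."""


@dataclass
class Backend:
    """A backend service (think Controller, Hub or EDA) with its own RBAC table."""
    name: str
    rbac: dict = field(default_factory=dict)  # user -> set of permissions
    enforce_scope: bool = False               # False models the flawed behaviour
    writes: list = field(default_factory=list)

    def handle(self, req: Request) -> str:
        perms = self.rbac.get(req.token.user, set())
        if req.method in WRITE_METHODS:
            # RBAC is checked either way; it is the only gate in the flawed case.
            if "write" not in perms:
                raise Forbidden(f"{self.name}: RBAC denies write to {req.token.user}")
            # The fix: the backend honours the token's scope itself instead of
            # assuming the gateway already filtered writes out.
            if self.enforce_scope and req.token.scope != "write":
                raise Forbidden(f"{self.name}: read-only token cannot write")
            self.writes.append((req.token.user, req.method, req.path))
            return "written"
        if "read" not in perms:
            raise Forbidden(f"{self.name}: RBAC denies read to {req.token.user}")
        return "read"


@dataclass
class Gateway:
    """Edge component that routes by path prefix and enforces token scope."""
    backends: dict  # path prefix -> Backend

    def handle(self, req: Request) -> str:
        if req.method in WRITE_METHODS and req.token.scope != "write":
            raise Forbidden("gateway: read-only token cannot write")
        for prefix, backend in self.backends.items():
            if req.path.startswith(prefix):
                return backend.handle(req)
        raise KeyError(f"no backend for {req.path}")


def build(enforce_scope_in_backends: bool):
    # Hypothetical RBAC: alice may read and write on the controller.
    rbac = {"alice": {"read", "write"}}
    controller = Backend("controller", rbac, enforce_scope_in_backends)
    gateway = Gateway({"/api/controller/": controller})
    return gateway, controller


def probe(enforce_scope_in_backends: bool) -> dict:
    """Try a write with a read-only token via the gateway and straight at the backend."""
    gateway, controller = build(enforce_scope_in_backends)
    read_only = Token("alice", "read")
    req = Request("POST", "/api/controller/v2/job_templates/", read_only)
    outcome = {}
    for route, target in (("via_gateway", gateway), ("direct_to_backend", controller)):
        try:
            target.handle(req)
            outcome[route] = "write allowed"
        except Forbidden:
            outcome[route] = "denied"
    return outcome


if __name__ == "__main__":
    print("flawed  :", probe(enforce_scope_in_backends=False))
    print("hardened:", probe(enforce_scope_in_backends=True))
```

In the flawed configuration the gateway rejects the write but the backend accepts it, which is the shape of the bug described above: RBAC is the only thing standing between a read-only token and a write. With scope enforced at the backend the write is refused on both routes. The design point is that a scope is a property of the credential and must travel with it to every service that acts on it; an edge check alone only protects the paths that go through the edge.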
Affected Version(s)
Red Hat Ansible Automation Platform 2.5 sha256:2df290b61d7aac08deec2973d0a9b98788f6b619e974af0b3f4b61c759c7e464
Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:2.5.20260106-1.el8ap
Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:2.5.20260106-1.el9ap