Command Injection Vulnerability in Ansible Automation Platform's EDA Component
CVE-2025-49520
8.8HIGH
What is CVE-2025-49520?
A security flaw exists in Ansible Automation Platform's EDA component that arises from the improper handling of user-supplied Git URLs. This vulnerability enables an authenticated attacker to inject arbitrary arguments into the git ls-remote command, facilitating the execution of unauthorized commands on the EDA worker. In environments utilizing Kubernetes or OpenShift, this flaw could result in the theft of service account tokens and unauthorized access to the cluster.