Command Injection Vulnerability in Ansible Automation Platform's EDA Component
CVE-2025-49520

8.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Ansible Automation Platform 2.5 For Rhel 8
Red Hat Ansible Automation Platform 2.5 For Rhel 9
Vendor
CVE Published:
30 June 2025

What is CVE-2025-49520?

A security flaw exists in Ansible Automation Platform's EDA component that arises from the improper handling of user-supplied Git URLs. This vulnerability enables an authenticated attacker to inject arbitrary arguments into the git ls-remote command, facilitating the execution of unauthorized commands on the EDA worker. In environments utilizing Kubernetes or OpenShift, this flaw could result in the theft of service account tokens and unauthorized access to the cluster.

Affected Version(s)

Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:1.1.11-1.el8ap

Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:1.1.11-1.el9ap

References

https://access.redhat.com/errata/RHSA-2025:9986
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-49520
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2370812
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49520 : Command Injection Vulnerability in Ansible Automation Platform's EDA Component