Jinja2 Template Injection in Ansible Automation Platform by Red Hat
CVE-2025-49521
8.8HIGH
Key Information:
- Vendor
Red Hat
- Status
- Vendor
- CVE Published:
- 30 June 2025
What is CVE-2025-49521?
A vulnerability exists in the EDA component of the Ansible Automation Platform, allowing authenticated users to inject malicious expressions through Git branch or refspec values. When evaluated as Jinja2 templates, these expressions can execute arbitrary commands or gain unauthorized access to sensitive files on the EDA worker. This flaw poses significant risks, particularly in OpenShift environments, where it can lead to the theft of service account tokens.
Affected Version(s)
Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:1.1.11-1.el8ap
Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:1.1.11-1.el9ap