Jinja2 Template Injection in Ansible Automation Platform by Red Hat
CVE-2025-49521

8.8HIGH

What is CVE-2025-49521?

A vulnerability exists in the EDA component of the Ansible Automation Platform, allowing authenticated users to inject malicious expressions through Git branch or refspec values. When evaluated as Jinja2 templates, these expressions can execute arbitrary commands or gain unauthorized access to sensitive files on the EDA worker. This flaw poses significant risks, particularly in OpenShift environments, where it can lead to the theft of service account tokens.

Affected Version(s)

Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:1.1.11-1.el8ap

Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:1.1.11-1.el9ap

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49521 : Jinja2 Template Injection in Ansible Automation Platform by Red Hat