Jinja2 Template Injection in Ansible Automation Platform by Red Hat
CVE-2025-49521

8.8HIGH

Key Information:

Vendor

Red Hat
Status
Red Hat Ansible Automation Platform 2.5 For Rhel 8
Red Hat Ansible Automation Platform 2.5 For Rhel 9
Vendor
CVE Published:
30 June 2025

What is CVE-2025-49521?

A vulnerability exists in the EDA component of the Ansible Automation Platform, allowing authenticated users to inject malicious expressions through Git branch or refspec values. When evaluated as Jinja2 templates, these expressions can execute arbitrary commands or gain unauthorized access to sensitive files on the EDA worker. This flaw poses significant risks, particularly in OpenShift environments, where it can lead to the theft of service account tokens.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:1.1.11-1.el8ap

Red Hat Ansible Automation Platform 2.5 for RHEL 9 0:1.1.11-1.el9ap

References

https://access.redhat.com/errata/RHSA-2025:9986
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-49521
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2370817
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.