Vulnerability in Ansible Affects Security of Sensitive Cookies
CVE-2025-53861

3.1LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Ansible Automation Platform 2
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-53861?

A security flaw has been identified in Ansible where sensitive cookies are transmitted without proper security flags over non-encrypted channels. This vulnerability increases the risk of Man-in-the-Middle (MitM) and Cross-site Scripting (XSS) attacks, enabling potential attackers to intercept and read sensitive data during transmission. It highlights the importance of employing proper encryption and security measures for data protection.

References

https://access.redhat.com/security/cve/CVE-2025-53861

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2379360

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jul 10, 2025

JSON

Red Hat

What is CVE-2025-53861?

References

CVSS V3.1

Timeline