Flaw in Red Hat Ansible Automation Platform Event-Driven API Exposes Sensitive Credentials
CVE-2025-9907
Key Information:
- Vendor: Red Hat
- Status
- Vendor
- CVE Published: 27 February 2026
What is CVE-2025-9907?
A vulnerability in the Event-Driven Ansible (EDA) Event Stream API of Red Hat Ansible Automation Platform could allow unauthorized exposure of sensitive client credentials and internal infrastructure headers when an event stream is operating in test mode. This flaw may lead to accidental exposure of user credentials, privilege escalation if high-value tokens are accessed, and persistent leakage of sensitive data to any user with read access to the event stream. Organizations using these products should review their configurations and take action to mitigate potential risks.

Affected Version(s)
Red Hat Ansible Automation Platform 2.5 sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1
Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:3.1.1-1.el8ap
Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:25.12.0-1.el8ap