Vulnerability in Red Hat Ansible Automation Platform Affects Event-Driven Ansible Streams
CVE-2025-9908

6.7MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Ansible Automation Platform 2.5 For Rhel 8
Red Hat Ansible Automation Platform 2.5 For Rhel 9
Red Hat Ansible Automation Platform 2.6 For Rhel 9
Red Hat Ansible Automation Platform 2.5
Vendor
CVE Published:
27 February 2026

What is CVE-2025-9908?

A flaw exists in Red Hat Ansible Automation Platform's Event-Driven Ansible component that enables an authenticated user to exploit crafted requests. This leads to unauthorized access to sensitive internal infrastructure headers, including X-Trusted-Proxy and X-Envoy-*. By extracting these headers, an attacker may be able to impersonate trusted requests, escalate user privileges, or carry out malicious event injection, posing a potential risk to the integrity of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Ansible Automation Platform 2.5 sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1

Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:3.1.1-1.el8ap

Red Hat Ansible Automation Platform 2.5 for RHEL 8 0:25.12.0-1.el8ap

References

https://access.redhat.com/errata/RHSA-2025:19201
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:19221
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:23069
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Elijah DeLee (Red Hat).
JSON
.