Credential Theft Vulnerability in Red Hat Ansible Automation Platform
CVE-2025-9909

6.7MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Ansible Automation Platform 2.5 For Rhel 8; Red Hat Ansible Automation Platform 2.5 For Rhel 9; Red Hat Ansible Automation Platform 2.6 For Rhel 9; Red Hat Ansible Automation Platform 2.5
Vendor: CVE Published:; 27 February 2026

What is CVE-2025-9909?

A vulnerability exists in the route creation component of the Red Hat Ansible Automation Platform Gateway. This flaw allows attackers to exploit misleading routes initiated by a double-slash (//) prefix in the gateway_path. A compromised or socially engineered administrator can effectively create a honey-pot route designed to intercept and exfiltrate user credentials. This manipulation opens the door for attackers to maintain persistent access or set up a backdoor, even after original permissions have been revoked, posing a significant risk to sensitive user data and system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch