← Back to CVEs
CVE-2025-49521
HIGH8.8
Description
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/30/2025
Last Modified7/3/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-94
References
https://access.redhat.com/errata/RHSA-2025:9986(secalert@redhat.com)
https://access.redhat.com/security/cve/CVE-2025-49521(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2370817(secalert@redhat.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.