6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @anthonyroussel Activity log
- Created automatic suggestion
- @anthonyroussel dismissed
Aap-gateway: improper path validation in gateway allows credential exfiltration
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
References
- RHSA-2025:21768 x_refsource_REDHAT vendor-advisory
- RHSA-2025:21775 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23069 x_refsource_REDHAT vendor-advisory
- RHSA-2025:23131 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-9909 x_refsource_REDHAT vdb-entry
- RHBZ#2392836 issue-tracking x_refsource_REDHAT
Affected products
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
- *
Matching in nixpkgs
pkgs.molecule
Molecule aids in the development and testing of Ansible roles
pkgs.ansible-lint
Best practices checker for Ansible
pkgs.ansible-builder
Ansible execution environment builder
pkgs.ansible-navigator
Text-based user interface (TUI) for Ansible
pkgs.python312Packages.bindep
Bindep is a tool for checking the presence of binary packages needed to use an application / library
pkgs.python313Packages.bindep
Bindep is a tool for checking the presence of binary packages needed to use an application / library
pkgs.python314Packages.bindep
Bindep is a tool for checking the presence of binary packages needed to use an application / library
pkgs.python312Packages.molecule
Molecule aids in the development and testing of Ansible roles
pkgs.python313Packages.molecule
Molecule aids in the development and testing of Ansible roles
pkgs.python314Packages.molecule
Aids in the development and testing of Ansible roles
pkgs.python312Packages.ansible-builder
Ansible execution environment builder
pkgs.python313Packages.ansible-builder
Ansible execution environment builder
pkgs.python314Packages.ansible-builder
Ansible execution environment builder
pkgs.python312Packages.molecule-plugins
Collection on molecule plugins
pkgs.python313Packages.molecule-plugins
Collection on molecule plugins
pkgs.python314Packages.molecule-plugins
Collection on molecule plugins
Package maintainers
-
@Melkor333 Samuel Ruprecht <samuel@ton-kunst.ch>
-
@sengaya Thilo Uttendorfer <tlo@sengaya.de>
-
@HarisDotParis Haris <git@haris.paris>
-
@robsliwi Robert Sliwinski <r@sliwi.org>
-
@dawidd6 Dawid Dziurla <dawidd0811@gmail.com>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@vinetos vinetos <contact+git@vinetos.fr>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>