FKIE_CVE-2025-14025

Vulnerability from fkie_nvd - Published: 2026-01-08 14:15 - Updated: 2026-06-17 08:35
Severity
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).
References
secalert@redhat.comhttps://access.redhat.com/articles/7136004
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:0360
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:0361
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:0408
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2026:0409
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-14025
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2418785
Impacted products
Vendor Product Version
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.20260106-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.5::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.5.20260106-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-gateway",
          "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.6.20260106-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-25/gateway-rhel8",
          "product": "Red Hat Ansible Automation Platform 2.5",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:2df290b61d7aac08deec2973d0a9b98788f6b619e974af0b3f4b61c759c7e464",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-26/gateway-rhel9",
          "product": "Red Hat Ansible Automation Platform 2.6",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:766c7570afc4e9b163a3256a0d7c699327905c1d24213229acb0b96a9e65b615",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "source": "secalert@redhat.com"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker\u2018s capabilities would only be limited by role based access controls (RBAC)."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en Ansible Automation Platform (AAP). Los tokens de API OAuth2 con alcance de solo lectura en AAP se aplican a nivel de Gateway para operaciones espec\u00edficas del Gateway. Sin embargo, esta vulnerabilidad permite que los tokens de solo lectura realicen operaciones de escritura en servicios de backend (por ejemplo, Controller, Hub, EDA). Si esta falla fuera explotada, las capacidades de un atacante solo estar\u00edan limitadas por los controles de acceso basados en roles (RBAC)."
    }
  ],
  "id": "CVE-2025-14025",
  "lastModified": "2026-06-17T08:35:11.687",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-14025",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-01-09T04:55:21.012638Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-01-08T14:15:56.510",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/articles/7136004"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:0360"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:0361"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:0408"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2026:0409"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-14025"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418785"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-279"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.