FKIE_CVE-2025-49521

Vulnerability from fkie_nvd - Published: 2025-06-30 21:15 - Updated: 2025-07-03 15:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:9986
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-49521
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2370817
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una falla en el componente EDA de Ansible Automation Platform, donde los valores de rama o refspec de Git proporcionados por el usuario se eval\u00faan como plantillas Jinja2. Esta vulnerabilidad permite a los usuarios autenticados inyectar expresiones que ejecutan comandos o acceden a archivos confidenciales en el trabajador EDA. En OpenShift, puede provocar el robo de tokens de cuentas de servicio."
    }
  ],
  "id": "CVE-2025-49521",
  "lastModified": "2025-07-03T15:14:12.767",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-30T21:15:31.063",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9986"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49521"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370817"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.