CVE-2025-9909

Name of the Vulnerable Software and Affected Versions Red Hat Ansible Automation Platform Gateway (affected versions not specified)

Description A flaw exists in the route creation component of the Ansible Automation Platform Gateway. This allows for credential theft through the creation of misleading routes utilizing a double-slash (//) prefix within the gateway path. A malicious administrator, or one susceptible to social engineering, can configure a deceptive route to intercept and steal user credentials, potentially establishing persistent access or a backdoor, even after their permissions are removed. The vulnerability involves creating routes with a double-slash (//) prefix in the gateway path to intercept credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.