CVE-2025-49520

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform (affected versions not specified)

Description: A flaw was found in Ansible Automation Platform's EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This issue allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.