CVE-2025-49521

Name of the Vulnerable Software and Affected Versions: Ansible Automation Platform (affected versions not specified)

Description: A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This issue allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.