PT-2025-54837 · Red Hat · Red Hat Ansible Automation Platform

Elijah Delee · Published 2026-02-27 · Updated 2026-02-27 · CVE-2025-9907

CVSS v3.1

6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API (affected versions not specified)

Description

A flaw exists in the Event-Driven Ansible (EDA) Event Stream API that can lead to the exposure of sensitive client credentials and internal infrastructure headers. This exposure occurs through the test headers field when an event stream is in test mode. Potential consequences include the leakage of internal infrastructure details, accidental disclosure of user or system credentials, possible privilege escalation if high-value tokens are exposed, and persistent exposure of sensitive data to users with read access to the event stream. The API endpoint involved is the Event Stream API. The vulnerable parameter is test headers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-9907
RHSA-2025:23069

Affected Products

Event Stream API
Event-Driven Ansible
Red Hat Ansible Automation Platform