PT-2025-54838 · Red Hat · Red Hat Ansible Automation Platform+1

Elijah Delee · Published 2026-02-27 · Updated 2026-02-27 · CVE-2025-9908

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams (affected versions not specified)

Description

A flaw exists in Event-Driven Ansible (EDA) Event Streams that allows an authenticated user to access sensitive internal infrastructure headers, such as X-Trusted-Proxy and X-Envoy-*, and event stream URLs through specially crafted requests and job templates. An attacker could potentially exploit this by exfiltrating these headers to spoof trusted requests, escalate privileges, or inject malicious events. The vulnerability involves the manipulation of requests and job templates to reveal internal information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-9908
RHSA-2025:23069

Affected Products

Event-Driven Ansible (EDA) Event Streams
Red Hat Ansible Automation Platform