PT-2025-9209 · Red Hat · Red Hat Ansible Automation Platform

Chris Meyers

Published

2025-03-02

Updated

2025-03-04

CVE-2025-1801

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Ansible aap-gateway (affected versions not specified)

Description A flaw was found in the Ansible aap-gateway, where concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2026-00042

CVE-2025-1801

RHSA-2025:1954

Affected Products

Red Hat Ansible Automation Platform

PT-2025-9209 · Red Hat · Red Hat Ansible Automation Platform

CVE-2025-1801

Weakness Enumeration

Related Identifiers

Affected Products

References · 10