PT-2026-1730 · Red Hat · Ansible Automation Platform
Published 2026-01-08 · Updated 2026-01-08
CVE-2025-14025 · CVSS v3.1 8.5 (High)
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ansible Automation Platform (AAP) (affected versions not specified)
Description
A flaw exists in Ansible Automation Platform (AAP) in how read-only scoped OAuth2 API tokens are enforced. The Gateway checks the read-only scope only for its own, Gateway-specific operations; requests it proxies to the backend services (Controller, Hub and EDA) are forwarded without that scope being applied, so a token issued as read-only can be used to perform write operations on those services. The only limit on what an attacker holding such a token can do is the role-based access control (RBAC) of the token's owner: whatever the owner may write through a full-scope token, the read-only token can write as well.
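The following is an added toy model of the bug class described above, written for this page and not taken from Ansible Automation Platform's code. It shows a gateway that enforces token scope on its own routes but forwards proxied requests without it, beside a corrected variant that applies the scope check before proxying. The route prefixes (/api/gateway/, /api/controller/, /api/hub/, /api/eda/), the "read"/"write" scope names and the RBAC table are assumptions of the model, as are the user names and sample requests.

```python
"""Toy model of the scope-enforcement gap described in the advisory.

Added illustration, not Ansible Automation Platform code. Route prefixes,
scope vocabulary ("read"/"write"), user names and the RBAC table are assumed.
"""
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


@dataclass
class Token:
    owner: str
    scope: str  # "read" or "write" (assumed vocabulary)


@dataclass
class Backend:
    """A backend service (Controller, Hub, EDA) that only checks RBAC."""
    name: str
    writes: list = field(default_factory=list)

    def handle(self, method, path, owner, rbac):
        # The backend never sees the OAuth2 scope; it only knows who the
        # caller is and which write roles that user holds.
        if method in SAFE_METHODS:
            return 200
        if not rbac.get(owner, {}).get(self.name, False):
            return 403
        self.writes.append((owner, method, path))
        return 201


class Gateway:
    def __init__(self, rbac, enforce_scope_on_proxy):
        self.rbac = rbac
        self.enforce_scope_on_proxy = enforce_scope_on_proxy
        self.backends = {n: Backend(n) for n in ("controller", "hub", "eda")}

    def request(self, token, method, path):
        read_only_write = token.scope == "read" and method not in SAFE_METHODS
        if path.startswith("/api/gateway/"):
            # Gateway-specific operation: scope is enforced in both variants.
            return 403 if read_only_write else 200
        # Proxied backend operation: the vulnerable variant forwards the
        # request without consulting the token scope at all.
        if self.enforce_scope_on_proxy and read_only_write:
            return 403
        service = path.split("/")[2]  # "/api/controller/v2/..." -> "controller"
        backend = self.backends.get(service)
        if backend is None:
            return 404
        return backend.handle(method, path, token.owner, self.rbac)


# Constructed sample data: alice holds write roles on every backend, bob none.
RBAC = {
    "alice": {"controller": True, "hub": True, "eda": True},
    "bob": {},
}
ALICE_RO = Token("alice", "read")
BOB_RO = Token("bob", "read")
CONTROLLER_WRITE = ("POST", "/api/controller/v2/job_templates/")
GATEWAY_WRITE = ("POST", "/api/gateway/v1/users/")


def probe(enforce_scope_on_proxy):
    """Drive both read-only tokens through a gateway and report status codes."""
    gw = Gateway(RBAC, enforce_scope_on_proxy)
    return {
        "alice_gateway_write": gw.request(ALICE_RO, *GATEWAY_WRITE),
        "alice_backend_write": gw.request(ALICE_RO, *CONTROLLER_WRITE),
        "bob_backend_write": gw.request(BOB_RO, *CONTROLLER_WRITE),
        "alice_backend_read": gw.request(ALICE_RO, "GET", "/api/controller/v2/jobs/"),
        "backend_writes": list(gw.backends["controller"].writes),
    }


if __name__ == "__main__":
    print("vulnerable:", probe(False))
    print("fixed:     ", probe(True))
```

In the vulnerable variant alice's read-only token is refused on the Gateway route but creates an object on the Controller, while bob's identical token fails only because he lacks the RBAC role: exactly the "limited only by RBAC" outcome in the description. In the fixed variant the scope check runs before the proxy step, so both backend writes are refused regardless of RBAC, and reads keep working.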
Recommendations
At the time of writing, no fixed version has been announced for this vulnerability. Until one is available, treat every read-only scoped OAuth2 token issued through the Gateway as if it carried the full write privileges of its owner: revoke read-only tokens held by low-trust automation or shared with third parties, issue replacements only to principals whose RBAC roles you would be willing to grant write access to, and review Controller, Hub and EDA audit logs for write operations made with tokens that were expected to be read-only.
Affected Products
Ansible Automation Platform