- Description: A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis

CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- secalert@redhat.com: CWE-94
[CVE-2025-49521: HIGH] Flaw discovered in Ansible Automation Platform's EDA component allows authenticated users to execute commands or access files. Vulnerability found in user-supplied Git values. #cve, CVE-2025-49521, #cybersecurity https://t.co/V3qzJzvUhQ https://t.co/JAfmGlPPSm
@CveFindCom
30 Jun 2025
CVE-2025-49521 A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vul… https://t.co/11o58qqf7f
@CVEnew
30 Jun 2025