CVE-2025-14025 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operati…
High CVSS: 8.5

CVE-2025-14025

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).
Vendor
-
Product
-
CWE
CWE-279
Yayın Tarihi
2026-01-08 14:15:56
Güncelleme
2026-01-08 23:15:43
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-279 HIGH 2026

Referanslar

https://access.redhat.com/articles/7136004 https://access.redhat.com/errata/RHSA-2026:0360 https://access.redhat.com/errata/RHSA-2026:0361 https://access.redhat.com/errata/RHSA-2026:0408 https://access.redhat.com/errata/RHSA-2026:0409 https://access.redhat.com/security/cve/CVE-2025-14025 https://bugzilla.redhat.com/show_bug.cgi?id=2418785