CVE-2025-49520 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerabi…
High CVSS: 8.8

CVE-2025-49520

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.
Vendor
-
Product
-
CWE
CWE-88
Yayın Tarihi
2025-06-30 21:15:30
Güncelleme
2025-07-03 15:14:12
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-88 HIGH 2025

Referanslar

https://access.redhat.com/errata/RHSA-2025:9986 https://access.redhat.com/security/cve/CVE-2025-49520 https://bugzilla.redhat.com/show_bug.cgi?id=2370812