Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-14025

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-08 Jan, 2026 | 13:44
Updated At-26 Feb, 2026 | 15:04
Rejected At-
Credits

Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:08 Jan, 2026 | 13:44
Updated At:26 Feb, 2026 | 15:04
Rejected At:
▼CVE Numbering Authority (CNA)
Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.5 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
automation-gateway
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
  • cpe:/a:redhat:ansible_automation_platform:2.5::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.5.20260106-1.el8ap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.5 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
automation-gateway
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
  • cpe:/a:redhat:ansible_automation_platform:2.5::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.5.20260106-1.el9ap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
automation-gateway
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
affected
Versions
Unaffected
  • From 0:2.6.20260106-1.el9ap before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.5
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
ansible-automation-platform-25/gateway-rhel8
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
Default Status
affected
Versions
Unaffected
  • From sha256:2df290b61d7aac08deec2973d0a9b98788f6b619e974af0b3f4b61c759c7e464 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Ansible Automation Platform 2.6
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
ansible-automation-platform-26/gateway-rhel9
CPEs
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
Default Status
affected
Versions
Unaffected
  • From sha256:766c7570afc4e9b163a3256a0d7c699327905c1d24213229acb0b96a9e65b615 before * (rpm)
Problem Types
TypeCWE IDDescription
CWECWE-279Incorrect Execution-Assigned Permissions
Type: CWE
CWE ID: CWE-279
Description: Incorrect Execution-Assigned Permissions
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Defense-in-depth practices such as using RBAC to enforce the principle of least privilege and careful token management are essential to reduce the scope of impact. See this KCS article for additional details and strategies. https://access.redhat.com/articles/7136004

Exploits
Credits
Timeline
EventDate
Reported to Red Hat.2025-12-04 12:28:51
Made public.2025-12-04 10:10:00
Event: Reported to Red Hat.
Date: 2025-12-04 12:28:51
Event: Made public.
Date: 2025-12-04 10:10:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/articles/7136004
N/A
https://access.redhat.com/errata/RHSA-2026:0360
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0361
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0408
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0409
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-14025
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2418785
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/articles/7136004
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0360
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0361
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0408
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0409
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-14025
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2418785
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:08 Jan, 2026 | 14:15
Updated At:08 Jan, 2026 | 23:15

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-279Secondarysecalert@redhat.com
CWE ID: CWE-279
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/articles/7136004secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:0360secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:0361secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:0408secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:0409secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2025-14025secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2418785secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/articles/7136004
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0360
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0361
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0408
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:0409
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-14025
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2418785
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found