CVE-2025-9908

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:19201	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:19221	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:23069	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:23131	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-9908	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2392835	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:redhat:ansible_automation_platform::::::::
	cpe:2.3:a:redhat:ansible_developer:1.2:::::::*
	cpe:2.3:a:redhat:ansible_developer:1.3:::::::*
	cpe:2.3:a:redhat:ansible_inside:1.3:::::::*
	cpe:2.3:a:redhat:ansible_inside:1.4:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

No history.

Information

Published : 2026-02-27 08:17

Updated : 2026-03-25 20:19

NVD link : CVE-2025-9908

Mitre link : CVE-2025-9908

CVE.ORG link : CVE-2025-9908

JSON object : View

Products Affected

redhat

ansible_automation_platform
ansible_developer
ansible_inside
enterprise_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2025-9908", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2026-02-27T08:17:07.580", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:19201", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:19221", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23069", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:23131", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-9908", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392835", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. Esta vulnerabilidad permite a un usuario autenticado obtener acceso a encabezados de infraestructura interna sensibles (como X-Trusted-Proxy y X-Envoy-*) y URLs de flujo de eventos a trav\u00e9s de solicitudes manipuladas y plantillas de trabajo. Al exfiltrar estos encabezados, un atacante podr\u00eda suplantar solicitudes confiables, escalar privilegios o realizar inyecci\u00f3n de eventos maliciosos."}], "lastModified": "2026-03-25T20:19:13.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:ansible_automation_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10C9CE31-2A2D-4D62-88B2-7704E06232B2", "versionEndExcluding": "2.6"}, {"criteria": "cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF19DE86-0524-4785-B606-F8E384FD23F1"}, {"criteria": "cpe:2.3:a:redhat:ansible_developer:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4EB01A6-27A6-4F37-BC3C-B713444C5EE6"}, {"criteria": "cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2C9238C-11E7-42A2-A87B-3B82F1F6DA5B"}, {"criteria": "cpe:2.3:a:redhat:ansible_inside:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A05A94D-49A7-4238-9F2C-1221BA88BACB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}