Description
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker's capabilities would be limited only by role-based access controls (RBAC).
References (7)
Vendor Advisory: https://access.redhat.com/articles/7136004
Issue Tracking (x_refsource_redhat): https://bugzilla.redhat.com/show_bug.cgi?id=2418785
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2026:0360
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2026:0361
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2026:0408
Vendor Advisory (x_refsource_redhat): https://access.redhat.com/errata/RHSA-2026:0409
VDB Entry (x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2025-14025
Scores
CVSS v3: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Attack Vector: NETWORK
EPSS: 0.0002 (percentile 5.8%)
CISA SSVC (Vulnrichment): Exploitation: none; Automatable: no; Technical Impact: total
Details
CWE: CWE-279
Status: published
Products (5)
Red Hat / Red Hat Ansible Automation Platform 2.5: sha256:2df290b61d7aac08deec2973d0a9b98788f6b619e974af0b3f4b61c759c7e464
Red Hat / Red Hat Ansible Automation Platform 2.5 for RHEL 8: 0:2.5.20260106-1.el8ap
Red Hat / Red Hat Ansible Automation Platform 2.5 for RHEL 9: 0:2.5.20260106-1.el9ap
Red Hat / Red Hat Ansible Automation Platform 2.6: sha256:766c7570afc4e9b163a3256a0d7c699327905c1d24213229acb0b96a9e65b615
Red Hat / Red Hat Ansible Automation Platform 2.6 for RHEL 9: 0:2.6.20260106-1.el9ap
Published: Jan 08, 2026
Tracked Since: Feb 18, 2026