CNNVD-202506-3736 Information
CNNVD ID
CNNVD-202506-3736
Related CVE
- CNNVD Published: 2025-06-30
Description (Chinese)
Red Hat Ansible Automation Platform(Red Hat AAP)是美国红帽(Red Hat)公司的一款实现战略性自动化的统一解决方案。 Red Hat Ansible Automation Platform存在代码注入漏洞,该漏洞源于用户提供的Git分支或引用值未经验证,可能导致命令注入和敏感文件访问。
Description (English)
Red Hat Automation Platform (Red Hat AAP) is a unified solution to strategic automation by Red Hat. Red Hat Ansible Automation Platform has a code infusion loophole, which arises from unverified Git branch or reference values provided by the user, which may lead to command injection and sensitive file access.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
红狮控制
Published
2025-06-30
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/cve-2025-49521 https://vigilance.fr/vulnerability/Red-Hat-Ansible-Automation-Platform-2-5-code-execution-via-Template-Injection-47573 https://nvd.nist.gov/vuln/detail/CVE-2025-49521
Patch
https://www.redhat.com/en/technologies/management/ansible?sc_cid=7015Y000003t7aWQAQ
Share on: