CNNVD-202512-424 Information

Dec 04, 2025 cve

CNNVD ID

CNNVD-202512-424

CVE-2025-14025

CNNVD Published: 2025-12-04

Description (Chinese)

Red Hat Ansible Automation Platform（Red Hat AAP）是美国红帽（Red Hat）公司的一款实现战略性自动化的统一解决方案。 Red Hat Ansible Automation Platform（Red Hat AAP）存在安全漏洞，该漏洞源于aap-gateway，已经拥有管理权限的经过身份验证的攻击者，可以绕过个人访问令牌的只读范围来执行写操作。

Description (English)

Red Hat Automation Platform (Red Hat AAP) is a unified solution to strategic automation by Red Hat. Red Hat Ansible Automation Platform (Red Hat AAP) has a security loophole, which originates from aap-gateway, an identified assailant who already has regulatory authority to perform writing operations by bypassing the read-only range of a personal access token.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

红帽

Published

2025-12-04

Last Modified

2026-02-24

References

https://access.redhat.com/errata/RHSA-2026:0361 https://bugzilla.redhat.com/show_bug.cgi?id=2418785 https://access.redhat.com/errata/RHSA-2026:0360 https://access.redhat.com/errata/RHSA-2026:0409 https://access.redhat.com/security/cve/CVE-2025-14025 https://access.redhat.com/errata/RHSA-2026:0408 https://access.redhat.com/articles/7136004 https://access.redhat.com/security/cve/cve-2025-14025

Share on: