VDB

CISA-2025-9909

CISA-2025-9909 PUBLISHED CVSS 6.7 MEDIUM

Reported by redhat · Published February 27, 2026

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.

Risk Scores

CVSS 3.1
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:3.1.1-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.2-1.1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:0.1.4-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:2.5.20251210-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:4.10.10-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:2.13.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:0.4.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:4.2.26-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:2.1.2-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:0.4.36-2.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:4.10.10-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:23.0.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:1.6.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:9.0.1-1.el8ap

…and 90 more

Timeline

  • Feb 27, 2026 CVE Published
  • Feb 27, 2026 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›