CVE-2025-9909 — Vulnetix

CVE-2025-9909 PUBLISHED CVSS 6.699999809265137 MEDIUM

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.

EPSS 0.00% · 0.3th percentile

Risk Scores

CVSS 3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.00%

0.3th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	, , 0:2.1.2-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	*, 0:3.8.0-1.el8ap, 0:3.8.0-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:2.13.0-1.el8ap, 0:2.13.0-1.el8ap, 0:2.13.0-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.6	sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7, sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7, sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:0.2.15-1.el9ap, 0:0.2.15-1.el9ap, 0:0.2.15-1.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:0.4.0-1.el8ap, 0:0.4.0-1.el8ap, 0:0.4.0-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:3.1.1-1.el8ap, *, 0:3.1.1-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:25.12.0-1.2.el9ap, 0:25.12.0-1.2.el9ap, 0:25.12.0-1.2.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:25.12.0-1.el8ap, 0:25.12.0-1.el8ap, 0:25.12.0-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:4.10.10-1.el9ap, 0:4.10.10-1.el9ap, 0:4.10.10-1.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:23.0.0-1.el8ap, 0:23.0.0-1.el8ap, 0:23.0.0-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	, 0:0.4.2-1.el8ap,
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	*, 0:4.15.0-1.el8ap, 0:4.15.0-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:0.2.15-1.el8ap, 0:0.2.15-1.el8ap, 0:0.2.15-1.el8ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:0.4.0-1.el9ap, 0:0.4.0-1.el9ap, 0:0.4.0-1.el9ap
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:4.2.26-1.el8ap, ,
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:1.6.0-1.el9ap, 0:1.6.0-1.el9ap, *

…and 38 more

Exploit Intelligence

CIRCL seen: CVE-2025-9909 (circl-sighting)
RHSA-2025:21768 (circl)
RHSA-2025:21775 (circl)
RHSA-2025:23069 (circl)
RHSA-2025:23131 (circl)
https://access.redhat.com/security/cve/CVE-2025-9909 (circl)
RHBZ#2392836 (circl)

Timeline

Sep 3, 2025 CVE ID Reserved
Feb 27, 2026 EPSS Score
Feb 27, 2026 CVE Published
Feb 27, 2026 PoC Published
Feb 27, 2026 CVE Updated
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 3, 2026 Distribution Patch
Mar 3, 2026 Distribution Patch
Mar 3, 2026 Distribution Patch
Mar 3, 2026 Distribution Patch

References

RHSA-2025:21768 vendor-advisory
RHSA-2025:21775 vendor-advisory
RHSA-2025:23069 vendor-advisory
RHSA-2025:23131 vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-9909 vdb
RHBZ#2392836 issue
https://nvd.nist.gov/vuln/detail/CVE-2025-9909 advisory

Open in Interactive Console →