Vulnetix
Try Vulnetix Request Demo
CVE-2025-9909 PUBLISHED CVSS 6.699999809265137 MEDIUM

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.

EPSS 0.01% · 0.4th percentile

Risk Scores

CVSS v3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.01%
0.4th percentile

Affected Products

VendorProductVersions
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:2.1.2-1.el8ap, 0:2.1.2-1.el8ap, 0:2.1.2-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:3.8.0-1.el8ap, 0:3.8.0-1.el8ap, 0:3.8.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:25.12.0-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:2.13.0-1.el8ap, 0:2.13.0-1.el8ap, 0:2.13.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.6sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7, sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7, sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:25.12.0-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:0.2.15-1.el9ap, 0:0.2.15-1.el9ap, 0:0.2.15-1.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:0.4.0-1.el8ap, 0:0.4.0-1.el8ap, 0:0.4.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:3.1.1-1.el8ap, 0:3.1.1-1.el8ap, 0:3.1.1-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:25.12.0-1.2.el9ap, 0:25.12.0-1.2.el9ap, 0:25.12.0-1.2.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:25.12.0-1.el8ap, 0:25.12.0-1.el8ap, 0:25.12.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:4.10.10-1.el9ap, 0:4.10.10-1.el9ap, 0:4.10.10-1.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:23.0.0-1.el8ap, 0:23.0.0-1.el8ap, 0:23.0.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:0.4.2-1.el8ap, 0:0.4.2-1.el8ap, 0:0.4.2-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:4.15.0-1.el8ap, 0:4.15.0-1.el8ap, 0:4.15.0-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:25.12.0-1.el9ap, 0:25.12.0-1.el9ap, 0:25.12.0-1.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:0.2.15-1.el8ap, 0:0.2.15-1.el8ap, 0:0.2.15-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:0.4.0-1.el9ap, 0:0.4.0-1.el9ap, 0:0.4.0-1.el9ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 80:4.2.26-1.el8ap, 0:4.2.26-1.el8ap, 0:4.2.26-1.el8ap
Red HatRed Hat Ansible Automation Platform 2.5 for RHEL 90:1.6.0-1.el9ap, 0:1.6.0-1.el9ap, 0:1.6.0-1.el9ap

…and 38 more

Timeline

References

Open in Interactive Console →