Ansible-Collection-Community-General: Info Exposure via Verbose Debug Output
CVE-2025-14010 Published on December 4, 2025
Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
Vulnerability Analysis
CVE-2025-14010 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2025-14010
stack.watch emails you whenever new vulnerabilities are published in Red Hat Ceph Storage or Red Hat Openstack. Just hit a watch button to start following.
Affected Versions
ansible-collections Ansible Community General Collection:- Version 7.1.0 and below 9.5.13 is affected.
- Version 10.0.0 and below 10.7.6 is affected.
- Version 11.0.0 and below 11.4.1 is affected.
- Version 12.0.0 and below 12.2.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.