Ansible API Unauthenticated Verbose Data Exposure
CVE-2025-53862 Published on July 11, 2025

Aap: aap-gateway: automation-hub: sensitive information disclosure
A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Timeline

Reported to Red Hat.

Made public.

Weakness Type

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.


Products Associated with CVE-2025-53862

stack.watch emails you whenever new vulnerabilities are published in Red Hat Ansible Automation Platform or Red Hat Ansible. Just hit a watch button to start following.

Red Hat Ansible Automation Platform
 
Red Hat Ansible
 

Affected Versions

Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2: Red Hat Ansible Automation Platform 2:

Exploit Probability

EPSS
0.02%
Percentile
5.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.