{}

{}

{}

{"bugzilla": {"description": "ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions", "id": "2418785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418785"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-279", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-14025", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-12-04T10:10:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-14025\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-14025"], "statement": "Red Hat rates this as Low impact because an authenticated attacker, already possessing administrative privileges, can bypass the read-only scope of a Personal Access Token to perform write operations. This does not lead to an escalation of privileges beyond what the user already holds.", "threat_severity": "Low"}

{}