{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49520", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-06-06T14:33:40.850Z", "datePublished": "2025-06-30T20:45:28.706Z", "dateUpdated": "2025-09-25T18:04:39.974Z"}, "containers": {"cna": {"title": "Event-driven-ansible: authenticated argument injection in git url in eda project creation", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Automation Platform\u2019s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "automation-eda-controller", "defaultStatus": "affected", "versions": [{"version": "0:1.1.11-1.el8ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "automation-eda-controller", "defaultStatus": "affected", "versions": [{"version": "0:1.1.11-1.el9ap", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9986", "name": "RHSA-2025:9986", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49520", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370812", "name": "RHBZ#2370812", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-06-30T20:43:13.185Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "description": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2025-06-06T15:04:28.551000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-30T20:43:13.185000+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-25T18:04:39.974Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-49520"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T03:55:21.471Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49520", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-01T19:18:12.379532Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T19:24:35.698Z"}}], "cna": {"title": "Event-driven-ansible: authenticated argument injection in git url in eda project creation", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "versions": [{"status": "unaffected", "version": "0:1.1.11-1.el8ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "automation-eda-controller", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9", "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8", "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "cpe:/a:redhat:ansible_automation_platform:2.5::el8"], "vendor": "Red Hat", "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "versions": [{"status": "unaffected", "version": "0:1.1.11-1.el9ap", "lessThan": "*", "versionType": "rpm"}], "packageName": "automation-eda-controller", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-06-06T15:04:28.551000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-06-30T20:43:13.185000+00:00", "value": "Made public."}], "datePublic": "2025-06-30T20:43:13.185Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9986", "name": "RHSA-2025:9986", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2025-49520", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370812", "name": "RHBZ#2370812", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Automation Platform\u2019s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-25T18:04:39.974Z"}, "x_redhatCweChain": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}}, "cveMetadata": {"cveId": "CVE-2025-49520", "state": "PUBLISHED", "dateUpdated": "2025-09-25T18:04:39.974Z", "dateReserved": "2025-06-06T14:33:40.850Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-06-30T20:45:28.706Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible Automation Platform\u2019s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access."}, {"lang": "es", "value": "Se detect\u00f3 una falla en el componente EDA de Ansible Automation Platform, donde las URL de Git proporcionadas por el usuario se pasan sin depurar al comando git ls-remote. Esta vulnerabilidad permite a un atacante autenticado inyectar argumentos y ejecutar comandos arbitrarios en el trabajador de EDA. En entornos Kubernetes/OpenShift, esto puede provocar el robo de tokens de cuentas de servicio y el acceso al cl\u00faster."}], "id": "CVE-2025-49520", "lastModified": "2025-07-03T15:14:12.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-06-30T21:15:30.913", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:9986"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-49520"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370812"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:9986", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package": "automation-eda-controller-0:1.1.11-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date": "2025-06-30T00:00:00Z"}, {"advisory": "RHSA-2025:9986", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package": "automation-eda-controller-0:1.1.11-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date": "2025-06-30T00:00:00Z"}], "bugzilla": {"description": "event-driven-ansible: Authenticated Argument Injection in Git URL in EDA Project Creation", "id": "2370812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370812"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-88", "details": ["A flaw was found in Ansible Automation Platform\u2019s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.", "A flaw was found in Ansible Automation Platform\u2019s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-49520", "public_date": "2025-06-30T20:43:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-49520\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-49520"], "statement": "The Red Hat Product Security team has assessed the severity of this vulnerability as Important. Although authentication is required, the flaw allows remote code execution and token theft within containerized environments like OpenShift. The vulnerability stems from a lack of input validation on user-supplied Git URLs passed to git commands.", "threat_severity": "Important"}

{}