A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
Fixes

Solution

No solution given by the vendor.


Workaround

Currently, there is no mitigation available for this vulnerability.

History

Mon, 11 Aug 2025 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 9e-05}


Fri, 11 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 11 Jul 2025 13:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
Title aap: Sensitive Cookie(s) Set Without Security Flags Aap: sensitive cookie(s) set without security flags
First Time appeared Redhat
Redhat ansible Automation Platform
CPEs cpe:/a:redhat:ansible_automation_platform:2
Vendors & Products Redhat
Redhat ansible Automation Platform
References

Fri, 11 Jul 2025 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title aap: Sensitive Cookie(s) Set Without Security Flags
Weaknesses CWE-319
References
Metrics threat_severity

None

cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-25T18:34:57.497Z

Reserved: 2025-07-10T19:20:35.738Z

Link: CVE-2025-53861

cve-icon Vulnrichment

Updated: 2025-07-11T13:19:35.501Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-11T13:15:59.160

Modified: 2025-08-11T19:21:12.100

Link: CVE-2025-53861

cve-icon Redhat

Severity : Low

Publid Date: 2025-07-10T00:00:00Z

Links: CVE-2025-53861 - Bugzilla

cve-icon OpenCVE Enrichment

No data.