CVE-2025-9907 PUBLISHED

Event-Driven Ansible: event stream test mode exposes sensitive headers in AAP EDA

Assigner: redhat
Reserved: 03.09.2025 Published: 27.02.2026 Updated: 27.02.2026

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. When an event stream is in test mode, the test_headers field exposes sensitive client credentials and internal infrastructure headers. Possible outcomes include leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent exposure of sensitive data to all users with read access to the event stream.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.7

Product Status

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 8
Versions Default: affected
  • unaffected from 0:3.1.1-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:25.12.2-1.1.el8ap to * (excl.)
  • unaffected from 0:0.1.4-1.el8ap to * (excl.)
  • unaffected from 0:1.1.14-1.el8ap to * (excl.)
  • unaffected from 0:4.10.10-1.el8ap to * (excl.)
  • unaffected from 0:2.13.0-1.el8ap to * (excl.)
  • unaffected from 0:0.4.0-1.el8ap to * (excl.)
  • unaffected from 0:4.2.26-1.el8ap to * (excl.)
  • unaffected from 0:2.1.2-1.el8ap to * (excl.)
  • unaffected from 0:0.4.36-2.el8ap to * (excl.)
  • unaffected from 0:23.0.0-1.el8ap to * (excl.)
  • unaffected from 0:1.6.0-1.el8ap to * (excl.)
  • unaffected from 0:9.0.1-1.el8ap to * (excl.)
  • unaffected from 0:3.8.0-1.el8ap to * (excl.)
  • unaffected from 0:0.2.15-1.el8ap to * (excl.)
  • unaffected from 0:0.4.2-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.2.el8ap to * (excl.)
  • unaffected from 0:4.15.0-1.el8ap to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 9
Versions Default: affected
  • unaffected from 0:3.1.1-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:25.12.2-1.1.el9ap to * (excl.)
  • unaffected from 0:0.1.4-1.el9ap to * (excl.)
  • unaffected from 0:1.1.14-1.el9ap to * (excl.)
  • unaffected from 0:4.10.10-1.el9ap to * (excl.)
  • unaffected from 0:2.13.0-1.el9ap to * (excl.)
  • unaffected from 0:0.4.0-1.el9ap to * (excl.)
  • unaffected from 0:4.2.26-1.el9ap to * (excl.)
  • unaffected from 0:2.1.2-1.el9ap to * (excl.)
  • unaffected from 0:0.4.36-2.el9ap to * (excl.)
  • unaffected from 0:23.0.0-1.el9ap to * (excl.)
  • unaffected from 0:1.6.0-1.el9ap to * (excl.)
  • unaffected from 0:9.0.1-1.el9ap to * (excl.)
  • unaffected from 0:3.8.0-1.el9ap to * (excl.)
  • unaffected from 0:0.2.15-1.el9ap to * (excl.)
  • unaffected from 0:0.4.2-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.2.el9ap to * (excl.)
  • unaffected from 0:4.15.0-1.el9ap to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6 for RHEL 9
Versions Default: affected
  • unaffected from 0:1.2.1-1.el9ap to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5
Versions Default: affected
  • unaffected from sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1 to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6
Versions Default: affected
  • unaffected from sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76 to * (excl.)

Workarounds

Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.

Credits

  • This issue was discovered by Elijah DeLee (Red Hat).

Problem Types

  • CWE: Exposure of Sensitive Information to an Unauthorized Actor