CVE-2025-9909 PUBLISHED

Aap-gateway: improper path validation in gateway allows credential exfiltration

Assigner: redhat
Reserved: 03.09.2025
Published: 27.02.2026
Updated: 27.02.2026

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
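The defect class named in this record is an authorization decision made on a non-canonical path. The following is an added example, not code from aap-gateway or Red Hat: a constructed audit helper that rejects a new gateway_path unless it is already in canonical form and that scans an existing route inventory for routes which collide once canonicalized, which is how a misleading route differing only by a leading `//` would surface. Function names, the route record shape and the sample routes are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Added example, not aap-gateway's own code: hypothetical audit helpers for
# canonical-path validation of route definitions.
_MULTI_SLASH = re.compile(r"/{2,}")

def canonicalize(path: str) -> str:
    """Canonical form: percent-decoding applied, runs of '/' collapsed,
    '.' and '..' segments resolved, a trailing '/' preserved."""
    decoded = unquote(path)
    collapsed = _MULTI_SLASH.sub("/", decoded)
    if not collapsed.startswith("/"):
        collapsed = "/" + collapsed
    norm = posixpath.normpath(collapsed)   # resolves '.' and '..' segments
    norm = _MULTI_SLASH.sub("/", norm)     # normpath keeps a POSIX '//' prefix
    if collapsed.endswith("/") and norm != "/":
        norm += "/"
    return norm

def validate_gateway_path(path: str) -> tuple[bool, str]:
    """Accept a new gateway_path only if it is already canonical."""
    if not path.startswith("/"):
        return False, "gateway_path must start with '/'"
    if path.startswith("//"):
        return False, "gateway_path must not start with '//'"
    canon = canonicalize(path)
    if canon != path:
        return False, f"gateway_path is not canonical (canonical form: {canon!r})"
    return True, "ok"

def find_colliding_routes(routes: list[dict]) -> dict[str, list[str]]:
    """Map each canonical path to the names of every route resolving to it;
    only paths claimed by more than one route are returned."""
    by_canon: dict[str, list[str]] = {}
    for route in routes:
        by_canon.setdefault(canonicalize(route["gateway_path"]), []).append(route["name"])
    return {p: names for p, names in by_canon.items() if len(names) > 1}

# Constructed sample route inventory (not real platform data).
SAMPLE_ROUTES = [
    {"name": "controller-api", "gateway_path": "/api/controller/"},
    {"name": "hub-api", "gateway_path": "/api/galaxy/"},
    {"name": "lookalike", "gateway_path": "//api/controller/"},
]
```

Running `find_colliding_routes` over an exported route list is a one-off check for installations that cannot yet move to a fixed version; the validator is the shape of check a route-creation endpoint should apply before persisting a path.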

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.7

Product Status

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 8
Versions: Default: affected. One entry per affected package:
  • unaffected from 0:3.1.1-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:25.12.2-1.1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:0.1.4-1.el8ap to * (excl.)
  • unaffected from 0:2.5.20251210-1.el8ap to * (excl.)
  • unaffected from 0:4.10.10-1.el8ap to * (excl.)
  • unaffected from 0:2.13.0-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:0.4.0-1.el8ap to * (excl.)
  • unaffected from 0:4.2.26-1.el8ap to * (excl.)
  • unaffected from 0:2.1.2-1.el8ap to * (excl.)
  • unaffected from 0:0.4.36-2.el8ap to * (excl.)
  • unaffected from 0:4.10.10-1.el8ap to * (excl.)
  • unaffected from 0:23.0.0-1.el8ap to * (excl.)
  • unaffected from 0:1.6.0-1.el8ap to * (excl.)
  • unaffected from 0:9.0.1-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.el8ap to * (excl.)
  • unaffected from 0:3.8.0-1.el8ap to * (excl.)
  • unaffected from 0:0.2.15-1.el8ap to * (excl.)
  • unaffected from 0:0.4.2-1.el8ap to * (excl.)
  • unaffected from 0:25.12.0-1.2.el8ap to * (excl.)
  • unaffected from 0:4.15.0-1.el8ap to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 9
Versions: Default: affected. One entry per affected package:
  • unaffected from 0:3.1.1-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:25.12.2-1.1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:0.1.4-1.el9ap to * (excl.)
  • unaffected from 0:2.5.20251210-1.el9ap to * (excl.)
  • unaffected from 0:4.10.10-1.el9ap to * (excl.)
  • unaffected from 0:2.13.0-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:0.4.0-1.el9ap to * (excl.)
  • unaffected from 0:4.2.26-1.el9ap to * (excl.)
  • unaffected from 0:2.1.2-1.el9ap to * (excl.)
  • unaffected from 0:0.4.36-2.el9ap to * (excl.)
  • unaffected from 0:4.10.10-1.el9ap to * (excl.)
  • unaffected from 0:23.0.0-1.el9ap to * (excl.)
  • unaffected from 0:1.6.0-1.el9ap to * (excl.)
  • unaffected from 0:9.0.1-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.el9ap to * (excl.)
  • unaffected from 0:3.8.0-1.el9ap to * (excl.)
  • unaffected from 0:0.2.15-1.el9ap to * (excl.)
  • unaffected from 0:0.4.2-1.el9ap to * (excl.)
  • unaffected from 0:25.12.0-1.2.el9ap to * (excl.)
  • unaffected from 0:4.15.0-1.el9ap to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6 for RHEL 9
Versions: Default: affected
  • unaffected from 0:2.6.20251119-1.el9ap to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.5
Versions: Default: affected
  • unaffected from sha256:93b5d66f1fa8a3241d999df47c8430c13fa11b751b5fc3d4a8fd2a39d282b3fd to * (excl.)

Vendor: Red Hat
Product: Red Hat Ansible Automation Platform 2.6
Versions: Default: affected
  • unaffected from sha256:d6bd83a65b6a0ca9cead0652736c51dd1ab02fc8d9ee2a5c19e413a5239c0cb7 to * (excl.)

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Credits

  • This issue was discovered by Elijah DeLee (Red Hat).

References

Problem Types

  • CWE-647: Use of Non-Canonical URL Paths for Authorization Decisions