Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-49521

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft.

Published: Jun 30, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-49521
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

No affected software listed.

https://access.redhat.com/errata/RHSA-2025:9986
https://access.redhat.com/security/cve/CVE-2025-49521
https://bugzilla.redhat.com/show_bug.cgi?id=2370817

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo