Medium severity4.4OSV Advisory· Published Jul 31, 2025· Updated Apr 15, 2026

CVE-2025-7738

Description

A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects administrators or auditors accessing authenticator configurations. While access is limited to privileged users, the clear text exposure of sensitive credentials increases the risk of accidental leaks or misuse.

Affected products

Ansible/Django Ansible BaseOSV
Range: 2024.1.31, 2024.10.17, 2024.12.13, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2025:12772nvd
access.redhat.com/security/cve/CVE-2025-7738nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/ansible/django-ansible-base/commit/e241ea4dce8df577eda15301e0a8e61be647b27bnvd
github.com/ansible/django-ansible-base/pull/773nvd

News mentions

No linked articles in our index yet.

cvss	0.286
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000