Unrated severity · NVD Advisory · Published Feb 27, 2026 · Updated Feb 28, 2026
Event-driven-ansible: event stream test mode exposes sensitive headers in aap eda
CVE-2025-9907
Description
A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. Possible outcomes include leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream.
Affected products (5)
- Red Hat/Red Hat Ansible Automation Platform 2.5 · v5 · cpe:/a:redhat:ansible_automation_platform:2.5::el8 · Range: sha256:07673470fb62db8bec12ec20b2500228c0c6d5108916dd936d91e10610b783d1
- Red Hat/Red Hat Ansible Automation Platform 2.6 · v5 · cpe:/a:redhat:ansible_automation_platform:2.6::el9 · Range: sha256:142125ce7f176ce4d9755f3124714bbfd8e10a687378988761d5451bd135ca76
- Red Hat/Red Hat Ansible Automation Platform 2.6 for RHEL 9 · v5 · cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 · Range: 0:1.2.1-1.el9ap
- Red Hat/Red Hat Ansible Automation Platform 2.5 for RHEL 9 · v5 · cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 · Range: 0:4.15.0-1.el9ap
Patches (0)
No patches discovered yet.
References (6)
- access.redhat.com/errata/RHSA-2025:19201 · mitre · vendor-advisory · x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:19221 · mitre · vendor-advisory · x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:23069 · mitre · vendor-advisory · x_refsource_REDHAT
- access.redhat.com/errata/RHSA-2025:23131 · mitre · vendor-advisory · x_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2025-9907 · mitre · vdb-entry · x_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgi · mitre · issue-tracking · x_refsource_REDHAT