{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-49520","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-06-06T14:33:40.850Z","datePublished":"2025-06-30T20:45:28.706Z","dateUpdated":"2025-11-13T16:36:36.659Z"},"containers":{"cna":{"title":"Event-driven-ansible: authenticated argument injection in git url in eda project creation","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. 
In Kubernetes/OpenShift environments, command execution on the EDA worker can lead to theft of the worker's service account token and, with it, access to the cluster."}],"affected":[{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","defaultStatus":"affected","versions":[{"version":"0:1.1.11-1.el8ap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"automation-eda-controller","defaultStatus":"affected","versions":[{"version":"0:1.1.11-1.el9ap","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8","cpe:/a:redhat:ansible_automation_platform:2.5::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:9986","name":"RHSA-2025:9986","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-49520","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2370812","name":"RHBZ#2370812","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2025-06-30T20:43:13.185Z","problemTypes":[{"descriptions":[{"cweId":"CWE-88","description":"Impro
per Neutralization of Argument Delimiters in a Command ('Argument Injection')","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"timeline":[{"lang":"en","time":"2025-06-06T15:04:28.551Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-06-30T20:43:13.185Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2025-11-13T16:36:36.659Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-01T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2025-49520"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-02T03:55:21.471Z"}}]}}