CVE-2025-49520
BaseFortify
Publication date: 2025-06-30
Last updated on: 2025-07-03
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Event-Driven Ansible (EDA) component of the Ansible Automation Platform. It occurs because user-supplied Git repository URLs are passed without validation to the 'git ls-remote' command. An authenticated attacker can inject malicious arguments into the Git URL, allowing them to execute arbitrary commands on the EDA worker. In Kubernetes or OpenShift environments, this can lead to theft of the pod's service account token and unauthorized access to cluster resources. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an authenticated attacker to execute arbitrary commands on the EDA worker remotely without user interaction. In Kubernetes or OpenShift environments, it can lead to theft of service account tokens, enabling the attacker to access secrets, pods, and other sensitive cluster resources. This could result in full system compromise and unauthorized access to critical infrastructure. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for suspicious usage of the `git ls-remote` command with unusual or malformed Git URLs in the EDA component logs. Since the vulnerability involves argument injection via Git URLs, inspecting logs for unexpected command arguments or failed git operations may help. Additionally, reviewing authentication logs for unusual access patterns to the EDA project creation functionality could indicate exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting authenticated user access to the EDA project creation feature to trusted users only, applying any available patches or updates from the vendor that address this vulnerability, and monitoring Kubernetes/OpenShift environments for unusual access or token theft. Avoid using untrusted Git URLs in the EDA component until a fix is applied. [1]