CVE-2025-14025
Authorization Bypass in Ansible OAuth2 Tokens Enables Write Access
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | ansible_automation_platform | to 2.6 (inc) |
| redhat | ansible_automation_platform | to 2.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-279 | While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Ansible Automation Platform allows read-only scoped OAuth2 API tokens, which are supposed to be limited to read-only operations at the Gateway level, to perform write operations on backend services like the Controller, Hub, and EDA. Essentially, tokens intended to have read-only access can bypass these restrictions and perform actions beyond their intended scope. However, this does not constitute a privilege escalation since the underlying user account is an admin, and write restrictions still apply correctly at the Gateway level. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows read-only tokens to perform write operations beyond their intended scope, it could potentially lead to unauthorized data modifications, which may affect compliance with data protection and security requirements in such regulations. Implementing defense-in-depth strategies and strict RBAC is recommended to mitigate risks until a patch is available. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with a read-only token to perform write operations on backend services, potentially modifying configurations or data beyond their intended permissions. The attacker's capabilities would still be limited by role-based access controls (RBAC), but the bypass of read-only restrictions could lead to unauthorized changes and increased risk to system integrity. Until patched, it is important to enforce least privilege principles, restrict credentials, and carefully manage tokens to minimize potential damage. [1]
What immediate steps should I take to mitigate this vulnerability?
Until a patch is released, implement defense-in-depth strategies such as enforcing Role-Based Access Control (RBAC) with least privilege principles, restricting credentials, and carefully managing tokens to minimize potential damage. Additionally, upgrade to Red Hat Ansible Automation Platform 2.6 for RHEL 9 or version 2.5 for RHEL 8 and 9 where the issue has been fixed. [1, 2]