Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).

AI Analysis

Read-only OAuth2 API Tokens vulnerability allowing write operations on backend services

Basic Information

ID CVE-2025-14025

Source redhat

Published Jan 8, 2026 at 13:44

Affected Product

Vendor Red Hat

Product Red Hat Ansible Automation Platform 2

CWE Classification

CWE-279

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Red Hat

Product Ansible Automation Platform

Version 2

References

{
    "lastseen": "",
    "description": "A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker\u2018s capabilities would only be limited by role based access controls (RBAC).",
    "published": "2026-01-08T13:44:04.764Z",
    "modified": "2026-01-08T13:44:04.764Z",
    "type": "cve",
    "title": "Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions",
    "source": "redhat",
    "references": "https://access.redhat.com/articles/7136004\nhttps://access.redhat.com/security/cve/CVE-2025-14025\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2418785",
    "id": "CVE-2025-14025",
    "bulletinFamily": "",
    "cwe": [
        "CWE-279"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Red Hat Ansible Automation Platform 2",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "Read-only OAuth2 API Tokens vulnerability allowing write operations on backend services",
    "ai_severity": "High",
    "ai_vendor": "Red Hat",
    "ai_product": "Ansible Automation Platform",
    "ai_version": "2",
    "ai_score": 8.5
}

Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions_CVE-2025-14025