CVE-2025-1801 in Ansible Automation Platforminfo

Summary

by MITRE • 03/03/2025

A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

02/28/2025

Disclosure

03/03/2025

Moderation

accepted

Entry

VDB-298088

CPE

ready

CWE

CWE-362 (confirmed)

CVSS

5.0 (VulDB)

EPSS

0.00295

KEV

Activities

very low

Sector

Telecommunication, Transportation, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-1801
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-1801
CVE Details	https://www.cvedetails.com/cve/CVE-2025-1801/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!