{}

{}

{}

{"bugzilla": {"description": "aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration", "id": "2392836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392836"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-647", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-9909", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}], "public_date": "2025-09-17T23:59:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-9909\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9909"], "statement": "This issue is classified as Moderate because exploitation requires the attacker to have administrative access (or successfully social engineer a legitimate admin). A malicious or tricked admin can create a deceptive route with a double-slash path that captures user credentials in cleartext, potentially allowing persistent backdoor access even after the admin\u2019s permissions are revoked. The gateway does not normalize or validate these paths, meaning normal users cannot detect the attack through ordinary API use. Although an attacker cannot exploit this without access to route creation, the combination of privileged requirements and complete credential exposure makes this a moderate severity risk in any environment where multiple users rely on gateway authentication.", "threat_severity": "Moderate"}