CVE-2025-1801

Published Mar 3, 2025

Last updated a month ago

CVSS high 8.1

Overview

Description
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

secalert@redhat.com
CWE-362

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2025-1801 | Red Hat Ansible Automation Platform 2.5 aap-gateway race condition (Nessus ID 216983)) has been published on https://t.co/Ruz4rkN5Ng

    @WolfgangSesin

    2 Mar 2025

    15 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References