Ansible Automation Platform's EDA Hit by Critical Jinja2 Template Injection (CVE-2025-49521)

A critical Jinja2 template injection vulnerability (CVE-2025-49521) in Ansible Automation Platform's EDA component allows authenticated attackers to execute commands and steal OpenShift service account tokens.
CVE Analysis

6 min read

ZeroPath Security Research

ZeroPath Security Research

2025-06-30

Ansible Automation Platform's EDA Hit by Critical Jinja2 Template Injection (CVE-2025-49521)

Introduction

The Ansible Automation Platform, a cornerstone of enterprise IT automation used globally to manage millions of nodes, faces a critical security threat. A newly discovered vulnerability, CVE-2025-49521, exposes its Event-Driven Ansible (EDA) component to severe risks, including remote command execution and potential theft of highly privileged OpenShift service account tokens.

Technical Information

The core issue lies in the improper evaluation of user-supplied Git branch or refspec values as Jinja2 templates within the EDA component. Without proper sanitization, attackers can inject malicious Jinja2 expressions, enabling arbitrary command execution. For instance, an attacker could exploit this vulnerability with the following payload:

{{ self.__init__.__globals__.__builtins__.eval("import('os').system('id')") }}

In OpenShift environments, this vulnerability is particularly dangerous as it allows attackers to access and exfiltrate service account tokens, potentially granting them extensive control over Kubernetes clusters.

Patch Information

To mitigate this vulnerability, the EDA component has been updated to strictly sanitize and validate Git branch and refspec inputs. This ensures inputs are treated purely as strings, preventing unintended template rendering or code execution. Users are strongly advised to update their Ansible Automation Platform installations to the latest version immediately to incorporate this critical security fix.

Patch sources:

Affected Systems and Versions

  • Ansible Automation Platform versions ≤ 2.5 (EL8/EL9)
  • All deployments with EDA enabled and utilizing user-supplied Git branch/refspec parameters

Vendor Security History

Red Hat has consistently demonstrated prompt responses to vulnerabilities, typically releasing patches within days of discovery. However, the increasing frequency of vulnerabilities in EDA components underscores the importance of proactive security practices and regular updates.

References

Source: This report was created using AI

Detect & fix
what others miss