RHSA-2025:23131 · High · CVSS 8.3
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update
🔗 CVE IDs covered (8)
- CVE-2025-9907 · pending
- CVE-2025-9908 · pending
- CVE-2025-9909 · pending
- CVE-2025-58754
- CVE-2025-59530
- CVE-2025-62707
- CVE-2025-62727
- CVE-2025-64459
📋 Description
- CVE-2025-9907 — event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA
- CVE-2025-9908 — event-driven-ansible: Sensitive Internal Headers Disclosure in AAP EDA Event Streams
- CVE-2025-9909 — aap-gateway: Improper Path Validation in Gateway Allows Credential Exfiltration
- CVE-2025-58754 — axios: Axios DoS via lack of data size check
- CVE-2025-59530 — github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame
- CVE-2025-62707 — pypdf: pypdf affected by possible infinite loop when reading DCT inline images without EOF marker
- CVE-2025-62727 — starlette: Starlette DoS via Range header merging
- CVE-2025-64459 — django: Django SQL injection
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2025:23131
- external: https://access.redhat.com/security/cve/CVE-2025-58754
- external: https://access.redhat.com/security/cve/CVE-2025-59530
- external: https://access.redhat.com/security/cve/CVE-2025-62707
- external: https://access.redhat.com/security/cve/CVE-2025-62727
- external: https://access.redhat.com/security/cve/CVE-2025-64459
- external: https://access.redhat.com/security/cve/CVE-2025-9907
- external: https://access.redhat.com/security/cve/CVE-2025-9908
- external: https://access.redhat.com/security/cve/CVE-2025-9909
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23131.json