RHSA-2026:13553 | High | CVSS 8.1

Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

Published: May 4, 2026
Last Modified: June 2, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2025-69227 — aiohttp: aiohttp: Denial of Service via specially crafted POST request
CVE-2026-4800 — lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2026-23490 — pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID
CVE-2026-26007 — cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
CVE-2026-27459 — pyOpenSSL: DTLS cookie callback buffer overflow
CVE-2026-29074 — svgo: SVGO: Denial of Service via XML entity expansion
CVE-2026-30922 — pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVE-2026-32274 — black: Black: Arbitrary file writes from unsanitized user input in cache file name
CVE-2026-32597 — pyjwt: PyJWT accepts unknown crit header extensions (RFC 7515 §4.1.11 MUST violation)
CVE-2026-33154 — dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection

🔗 References (14)