{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T00:45:28.231","vulnerabilities":[{"cve":{"id":"CVE-2025-9907","sourceIdentifier":"secalert@redhat.com","published":"2026-02-27T08:17:06.703","lastModified":"2026-03-26T16:56:31.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. The possible outcome includes leakage of internal infrastructure details, accidental disclosure of user or system credentials, privilege escalation if high-value tokens are exposed, and persistent sensitive data exposure to all users with read access on the event stream."},{"lang":"es","value":"Se encontró una falla en la Plataforma de Automatización Red Hat Ansible, API de Flujo de Eventos de Ansible Orientado a Eventos (EDA). Esta vulnerabilidad permite la exposición de credenciales sensibles del cliente y encabezados de infraestructura interna a través del campo test_headers cuando un flujo de eventos está en modo de prueba. El posible resultado incluye la fuga de detalles de infraestructura interna, la divulgación accidental de credenciales de usuario o del sistema, la escalada de privilegios si se exponen tokens de alto valor, y la exposición persistente de datos sensibles a todos los usuarios con acceso de lectura al flujo de eventos."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_automation_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6","matchCriteriaId":"10C9CE31-2A2D-4D62-88B2-7704E06232B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*","matchCriteriaId":"EF19DE86-0524-4785-B606-F8E384FD23F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_developer:1.3:*:*:*:*:*:*:*","matchCriteriaId":"C4EB01A6-27A6-4F37-BC3C-B713444C5EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*","matchCriteriaId":"B2C9238C-11E7-42A2-A87B-3B82F1F6DA5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_inside:1.4:*:*:*:*:*:*:*","matchCriteriaId":"8A05A94D-49A7-4238-9F2C-1221BA88BACB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:19201","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:19221","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:23069","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:23131","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-9907","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392834","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}