{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T20:30:59.624","vulnerabilities":[{"cve":{"id":"CVE-2025-9908","sourceIdentifier":"secalert@redhat.com","published":"2026-02-27T08:17:07.580","lastModified":"2026-03-25T20:19:13.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection."},{"lang":"es","value":"Se encontró una falla en Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. Esta vulnerabilidad permite a un usuario autenticado obtener acceso a encabezados de infraestructura interna sensibles (como X-Trusted-Proxy y X-Envoy-*) y URLs de flujo de eventos a través de solicitudes manipuladas y plantillas de trabajo. Al exfiltrar estos encabezados, un atacante podría suplantar solicitudes confiables, escalar privilegios o realizar inyección de eventos maliciosos."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_automation_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6","matchCriteriaId":"10C9CE31-2A2D-4D62-88B2-7704E06232B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_developer:1.2:*:*:*:*:*:*:*","matchCriteriaId":"EF19DE86-0524-4785-B606-F8E384FD23F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_developer:1.3:*:*:*:*:*:*:*","matchCriteriaId":"C4EB01A6-27A6-4F37-BC3C-B713444C5EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_inside:1.3:*:*:*:*:*:*:*","matchCriteriaId":"B2C9238C-11E7-42A2-A87B-3B82F1F6DA5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:ansible_inside:1.4:*:*:*:*:*:*:*","matchCriteriaId":"8A05A94D-49A7-4238-9F2C-1221BA88BACB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":false,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:19201","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:19221","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:23069","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:23131","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-9908","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392835","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}