Security Advisory

CVE-2025-49520

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-30 20:45:28

Last updated 2025-11-13 16:36:36

Assigner redhat

State PUBLISHED

Description

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.

← Browse all CVEs View on cve.org ↗