CVE-2025-49520 – Ansible Automation Platform EDA Git URL Injection Remote Command Execution Vulnerability

CVE ID : CVE-2025-49520

Published : June 30, 2025, 9:15 p.m. | 47 minutes ago

Description : A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…