CVE-2025-9908 – Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams
CVE ID : CVE-2025-9908
Published : 27 February 2026 08:17 | 54 minutes ago
Description : A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers (such as X-Trusted-Proxy and X-Envoy-*) and event stream URLs via crafted requests and job templates. By exfiltrating these headers, an attacker could spoof trusted requests, escalate privileges, or perform malicious event injection.
Severity: 6.7 | MEDIUM