Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.7
Red Hat Ansible Automation Platform: Credential Theft via Misleading Routes
CVE-2025-9909
Summary
A flaw in the Red Hat Ansible Automation Platform allows an attacker to steal user credentials by creating misleading routes. This could lead to persistent access or a backdoor, even after the attacker's permissions are revoked. To mitigate this, administrators should review and update their route configurations to prevent the use of double-slash prefixes in gateway paths.
Original title
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (...
Original description
A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.
nvd CVSS3.1
6.7
Vulnerability type
CWE-647
- https://access.redhat.com/errata/RHSA-2025:21768
- https://access.redhat.com/errata/RHSA-2025:21775
- https://access.redhat.com/errata/RHSA-2025:23069
- https://access.redhat.com/errata/RHSA-2025:23131
- https://access.redhat.com/security/cve/CVE-2025-9909
- https://bugzilla.redhat.com/show_bug.cgi?id=2392836
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026