How serious is CVE-2025-9909?

This vulnerability has a CVSS score of 6.7 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2025-9909?

Check the official CVE details for a complete list of affected products and versions.

How do I fix CVE-2025-9909?

To remediate CVE-2025-9909, check for security patches from the vendor. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-9909

Medium

|6.7

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to steal user credentials by creating deceptive routes in the Red Hat Ansible Automation Platform, using a specific format that tricks the system. It requires a malicious or manipulated administrator to set up these routes, which can then capture sensitive information even after the attacker's access has been removed.

Technical Description

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//) prefix in the gateway_path. A malicious or socially engineered administrator can configure a honey-pot route to intercept and exfiltrate user credentials, potentially maintaining persistent access or creating a backdoor even after their permissions are revoked.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$966($500-$1K)

Vendor Response

Grade APatched in 0 days

Quick Information

Published

Feb 27, 2026

about 1 month ago

Last Modified

Feb 27, 2026

about 1 month ago