#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2025:14686. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(259939);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/31");
script_cve_id("CVE-2025-47273", "CVE-2025-48432");
script_xref(name:"RHSA", value:"2025:14686");
script_name(english:"RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Moderate) (RHSA-2025:14686)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2025:14686 advisory.
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing
IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to
individual teams, while automation developers retain the freedom to write tasks that leverage existing
knowledge without the overhead. Ansible Automation Platform makes it possible for users across an
organization to share, vet, and manage automation content by means of a simple, powerful, and agentless
language.
Security Fix(es):
* automation-controller: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273)
* python3.11-django: Django Path Injection Vulnerability (CVE-2025-48432)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Updates and fixes included:
Automation platform
* Enhanced Support for Streaming Chat Responses (AAP-51756)
* Improved LDAP filter parsing/handling (AAP-51591)
* Updated AAP to allow for HTTP headers to be passed through envoy when HTTPS is offloaded by another
device in front of envoy (AAP-51347)
* Updated the OpenAPI spec to now reflect all available query parameters (AAP-49824)
* Added a new field on AzureAD authenticator called 'Field to use as username' which allows use of an
arbitrary field from the assertion as the username (AAP-49481)
* Fixed migration scenarios that left legacy users in a partly migrated state to now migrate properly to
gateway (AAP-43251)
* Removed the required label from the Organization field for Galaxy credentials in the controller
Credential Create and Edit forms (AAP-51587)
* Fixed the 'LOGIN_REDIRECT_OVERRIDE' to be respected (AAP-49726)
* Fixed a breadcrumb in a launch template to no longer send users to the wrong URL (AAP-44194)
* Fixed the subscription entitlement window to no longer display again after AAP has been entitled when
running in a load-balanced environment with multiple controller web pods (AAP-43883)
* Updated the AAP User Interface to allow all users to see the Notifiers tab (AAP-41342)
* Added the limit field on the job details page (AAP-36118)
* automation-gateway has been updated to 2.5.20250827
* python3.11-django-ansible-base has been updated to 2.5.20250827
Automation controller
* Galaxy credentials can now be created and edited without the need to specify an organization (AAP-51614)
* Fixed the subscription functionality to no longer attach before subscription credentials have been set,
and to return a '400 Bad Request' error instead (AAP-50322)
* automation-controller has been updated to 4.6.19
Event-Driven Ansible
* Fixed project import state to no longer be stuck at pending or running (AAP-51643)
* Fixed EDA to allow '%20' in the project git URL (AAP-51642)
* Fixed 'MQ_TLS' to accept a boolean value (AAP-51012)
* Fixed missing RPM dependency for PostgreSQL client which resulted in container images missing psql
binaries (AAP-50941)
* Fixed a bug to no longer prevent a user who belonged to a team with an EDA organization Project Admin
role to be able see the organization (AAP-50921)
* automation-eda-controller has been updated to 1.1.13
Container-based Ansible Automation Platform
* Implemented PostgreSQL extra settings parameter on the installer (AAP-51533)
* Fixed the Redis hostname to no longer fail to be set in a disconnected environment (AAP-51532)
* Updated preflight checks to temporarily check PostgreSQL version to use a CA bundle from the VM server
with the custom cert appended, if provided (AAP-50884)
* Fixed PCP data permissions by migrating the data to a podman volume instead of a bind mount (AAP-50807)
* Fixed a parameter to allow excluding subdirs during the Automation Hub backup process (AAP-50784)
* Added an exclusion parameter for Containerized Backup, allowing users to specify snapshot paths to be
excluded from the backup process (AAP-46767)
* containerized installer setup has been updated to 2.5-18
RPM-based Ansible Automation Platform
* Added 'postgres_extra_settings' for postgresql.conf customization for managed database installations
(AAP-51462)
* Fixed automation controller nodes so they are removed from the gateway registry when set to a
deprovision state (AAP-51461)
* Fixed the installer to no longer fail when disabling HTTPS for gateway and/or gateway proxy (envoy)
(AAP-48606)
* ansible-automation-platform-installer and installer setup have been updated to 2.5-17
Additional changes:
* automation-hub has been updated to 4.10.7
* python3.11-django has been updated to 4.2.23
* python3.11-galaxy-ng has been updated to 4.10.7
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2366982");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2370365");
# https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14686.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?766294da");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2025:14686");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-47273");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(22, 117);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/17");
script_set_attribute(attribute:"patch_publication_date", value:"2025/08/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-ui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-venv-tower");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3.11-django");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Red Hat' >!< os_product) audit(AUDIT_OS_NOT, 'Red Hat');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
if (!rhel_check_release_list(operator: 'ge', os_version: os_version, rhel_versions: ['8','9'])) audit(AUDIT_OS_NOT, 'Red Hat 8.x / 9.x', 'Red Hat ' + os_version);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'release': '8',
'repo_relative_urls': [
'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel8/aarch64/ansible-developer/1.2/debug',
'content/dist/layered/rhel8/aarch64/ansible-developer/1.2/os',
'content/dist/layered/rhel8/aarch64/ansible-developer/1.2/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel8/ppc64le/ansible-developer/1.2/debug',
'content/dist/layered/rhel8/ppc64le/ansible-developer/1.2/os',
'content/dist/layered/rhel8/ppc64le/ansible-developer/1.2/source/SRPMS',
'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel8/s390x/ansible-developer/1.2/debug',
'content/dist/layered/rhel8/s390x/ansible-developer/1.2/os',
'content/dist/layered/rhel8/s390x/ansible-developer/1.2/source/SRPMS',
'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel8/x86_64/ansible-developer/1.2/debug',
'content/dist/layered/rhel8/x86_64/ansible-developer/1.2/os',
'content/dist/layered/rhel8/x86_64/ansible-developer/1.2/source/SRPMS'
],
'pkgs': [
{'reference':'automation-controller-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-cli-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-server-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-ui-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-venv-tower-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'python3.11-django-4.2.23-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-48432']}
]
},
{
'release': '9',
'repo_relative_urls': [
'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel9/aarch64/ansible-developer/1.2/debug',
'content/dist/layered/rhel9/aarch64/ansible-developer/1.2/os',
'content/dist/layered/rhel9/aarch64/ansible-developer/1.2/source/SRPMS',
'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel9/ppc64le/ansible-developer/1.2/debug',
'content/dist/layered/rhel9/ppc64le/ansible-developer/1.2/os',
'content/dist/layered/rhel9/ppc64le/ansible-developer/1.2/source/SRPMS',
'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel9/s390x/ansible-developer/1.2/debug',
'content/dist/layered/rhel9/s390x/ansible-developer/1.2/os',
'content/dist/layered/rhel9/s390x/ansible-developer/1.2/source/SRPMS',
'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.5/debug',
'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.5/os',
'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.5/source/SRPMS',
'content/dist/layered/rhel9/x86_64/ansible-developer/1.2/debug',
'content/dist/layered/rhel9/x86_64/ansible-developer/1.2/os',
'content/dist/layered/rhel9/x86_64/ansible-developer/1.2/source/SRPMS'
],
'pkgs': [
{'reference':'automation-controller-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-cli-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-server-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-ui-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'automation-controller-venv-tower-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
{'reference':'python3.11-django-4.2.23-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-48432']}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var repo_relative_urls;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
if (!empty_or_null(constraint['repo_relative_urls'])) repo_relative_urls = constraint['repo_relative_urls'];
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(rpm:exists_check))) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'automation-controller / automation-controller-cli / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation