Lucene search
K

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Moderate) (RHSA-2025:14686)

🗓️ 31 Aug 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Security fixes for path traversal in setuptools and Django path injection in Ansible Automation Platform.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1, which affects IBM watsonx.data
1 Sep 202514:47
ibm
IBM Security Bulletins
Security Bulletin: Astronomer with IBM is vulnerable to path traversal issues due to the setuptools package (CVE-2025-47273)
18 Nov 202519:12
ibm
IBM Security Bulletins
Security Bulletin: Deserialization of untrusted data, path traversal, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
21 Jul 202516:17
ibm
IBM Security Bulletins
Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion
11 Sep 202518:18
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge
7 Apr 202620:13
ibm
IBM Security Bulletins
Security Bulletin: IBM Fusion is vulnerable to Path Traversal due to python's setuptools (CVE-2025-47273)
1 Jul 202521:19
ibm
IBM Security Bulletins
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools
29 Oct 202510:49
ibm
IBM Security Bulletins
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView
6 Jul 202610:21
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.2
21 Jun 202513:39
ibm
IBM Security Bulletins
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools-70.3.0-py3-none-any.whl
22 Oct 202511:06
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2025:14686. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(259939);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/31");

  script_cve_id("CVE-2025-47273", "CVE-2025-48432");
  script_xref(name:"RHSA", value:"2025:14686");

  script_name(english:"RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Moderate) (RHSA-2025:14686)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2025:14686 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing
    IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to
    individual teams, while automation developers retain the freedom to write tasks that leverage existing
    knowledge without the overhead. Ansible Automation Platform makes it possible for users across an
    organization to share, vet, and manage automation content by means of a simple, powerful, and agentless
    language.

    Security Fix(es):

    * automation-controller: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273)

    * python3.11-django: Django Path Injection Vulnerability (CVE-2025-48432)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
    other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes included:

    Automation platform
    * Enhanced Support for Streaming Chat Responses (AAP-51756)
    * Improved LDAP filter parsing/handling (AAP-51591)
    * Updated AAP to allow for HTTP headers to be passed through envoy when HTTPS is offloaded by another
    device in front of envoy (AAP-51347)
    * Updated the OpenAPI spec to now reflect all available query parameters (AAP-49824)
    * Added a new field on AzureAD authenticator called 'Field to use as username' which allows use of an
    arbitrary field from the assertion as the username (AAP-49481)
    * Fixed migration scenarios that left legacy users in a partly migrated state to now migrate properly to
    gateway (AAP-43251)
    * Removed the required label from the Organization field for Galaxy credentials in the controller
    Credential Create and Edit forms (AAP-51587)
    * Fixed the 'LOGIN_REDIRECT_OVERRIDE' to be respected (AAP-49726)
    * Fixed a breadcrumb in a launch template to no longer send users to the wrong URL (AAP-44194)
    * Fixed the subscription entitlement window to no longer display again after AAP has been entitled when
    running in a load-balanced environment with multiple controller web pods (AAP-43883)
    * Updated the AAP User Interface to allow all users to see the Notifiers tab (AAP-41342)
    * Added the limit field on the job details page (AAP-36118)
    * automation-gateway has been updated to 2.5.20250827
    * python3.11-django-ansible-base has been updated to 2.5.20250827

    Automation controller
    * Galaxy credentials can now be created and edited without the need to specify an organization (AAP-51614)
    * Fixed the subscription functionality to no longer attach before subscription credentials have been set,
    and to return a '400 Bad Request' error instead (AAP-50322)
    * automation-controller has been updated to 4.6.19

    Event-Driven Ansible
    * Fixed project import state to no longer be stuck at pending or running (AAP-51643)
    * Fixed EDA to allow '%20' in the project git URL (AAP-51642)
    * Fixed 'MQ_TLS' to accept a boolean value (AAP-51012)
    * Fixed missing RPM dependency for PostgreSQL client which resulted in container images missing psql
    binaries (AAP-50941)
    * Fixed a bug to no longer prevent a user who belonged to a team with an EDA organization Project Admin
    role to be able see the organization (AAP-50921)
    * automation-eda-controller has been updated to 1.1.13

    Container-based Ansible Automation Platform
    * Implemented PostgreSQL extra settings parameter on the installer (AAP-51533)
    * Fixed the Redis hostname to no longer fail to be set in a disconnected environment (AAP-51532)
    * Updated preflight checks to temporarily check PostgreSQL version to use a CA bundle from the VM server
    with the custom cert appended, if provided (AAP-50884)
    * Fixed PCP data permissions by migrating the data to a podman volume instead of a bind mount (AAP-50807)
    * Fixed a parameter to allow excluding subdirs during the Automation Hub backup process (AAP-50784)
    * Added an exclusion parameter for Containerized Backup, allowing users to specify snapshot paths to be
    excluded from the backup process (AAP-46767)
    * containerized installer setup has been updated to 2.5-18

    RPM-based Ansible Automation Platform
    * Added 'postgres_extra_settings' for postgresql.conf customization for managed database installations
    (AAP-51462)
    * Fixed automation controller nodes so they are removed from the gateway registry when set to a
    deprovision state (AAP-51461)
    * Fixed the installer to no longer fail when disabling HTTPS for gateway and/or gateway proxy (envoy)
    (AAP-48606)
    * ansible-automation-platform-installer and installer setup have been updated to 2.5-17

    Additional changes:
    * automation-hub has been updated to 4.10.7
    * python3.11-django has been updated to 4.2.23
    * python3.11-galaxy-ng has been updated to 4.10.7

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2366982");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2370365");
  # https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14686.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?766294da");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2025:14686");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-47273");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22, 117);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-ui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-venv-tower");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3.11-django");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Red Hat' >!< os_product) audit(AUDIT_OS_NOT, 'Red Hat');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
if (!rhel_check_release_list(operator: 'ge', os_version: os_version, rhel_versions: ['8','9'])) audit(AUDIT_OS_NOT, 'Red Hat 8.x / 9.x', 'Red Hat ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'release': '8',
    'repo_relative_urls': [
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel8/aarch64/ansible-developer/1.2/debug',
      'content/dist/layered/rhel8/aarch64/ansible-developer/1.2/os',
      'content/dist/layered/rhel8/aarch64/ansible-developer/1.2/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible-developer/1.2/debug',
      'content/dist/layered/rhel8/ppc64le/ansible-developer/1.2/os',
      'content/dist/layered/rhel8/ppc64le/ansible-developer/1.2/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible-developer/1.2/debug',
      'content/dist/layered/rhel8/s390x/ansible-developer/1.2/os',
      'content/dist/layered/rhel8/s390x/ansible-developer/1.2/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible-developer/1.2/debug',
      'content/dist/layered/rhel8/x86_64/ansible-developer/1.2/os',
      'content/dist/layered/rhel8/x86_64/ansible-developer/1.2/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'automation-controller-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-cli-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-server-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-ui-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-venv-tower-4.6.19-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'python3.11-django-4.2.23-1.el8ap', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-48432']}
    ]
  },
  {
    'release': '9',
    'repo_relative_urls': [
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel9/aarch64/ansible-developer/1.2/debug',
      'content/dist/layered/rhel9/aarch64/ansible-developer/1.2/os',
      'content/dist/layered/rhel9/aarch64/ansible-developer/1.2/source/SRPMS',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel9/ppc64le/ansible-developer/1.2/debug',
      'content/dist/layered/rhel9/ppc64le/ansible-developer/1.2/os',
      'content/dist/layered/rhel9/ppc64le/ansible-developer/1.2/source/SRPMS',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel9/s390x/ansible-developer/1.2/debug',
      'content/dist/layered/rhel9/s390x/ansible-developer/1.2/os',
      'content/dist/layered/rhel9/s390x/ansible-developer/1.2/source/SRPMS',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.5/debug',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.5/os',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.5/source/SRPMS',
      'content/dist/layered/rhel9/x86_64/ansible-developer/1.2/debug',
      'content/dist/layered/rhel9/x86_64/ansible-developer/1.2/os',
      'content/dist/layered/rhel9/x86_64/ansible-developer/1.2/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'automation-controller-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-cli-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-server-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-ui-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'automation-controller-venv-tower-4.6.19-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-47273']},
      {'reference':'python3.11-django-4.2.23-1.el9ap', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.5', 'cves':['CVE-2025-48432']}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var repo_relative_urls;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }

  if (!empty_or_null(constraint['repo_relative_urls'])) repo_relative_urls = constraint['repo_relative_urls'];

  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(rpm:exists_check))) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'automation-controller / automation-controller-cli / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

31 Aug 2025 00:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.14 - 8.8
CVSS 48.7
EPSS0.01479
SSVC
2