CVE-2025-1801— Aap-gateway: aap-gateway privilege escalation

CVSS 8.1 · High EPSS 0.11% · P28 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-1801

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Aap-gateway: aap-gateway privilege escalation

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用共享资源的并发执行不恰当同步问题(竞争条件)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Red Hat Ansible 竞争条件问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Red Hat Ansible是美国红帽（Red Hat）公司的一款计算机系统配置管理器。该产品可用于发布、管理和编排计算机系统。 Red Hat Ansible存在竞争条件问题漏洞，该漏洞源于竞争条件，可能导致低权限用户获取高权限用户的JWT。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	0:2.5.20250305-1.el8ap ~ *	`cpe:/a:redhat:ansible_automation_platform:2.5::el9`
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	0:2.5.20250305-1.el9ap ~ *	`cpe:/a:redhat:ansible_automation_platform:2.5::el9`

II. Public POCs for CVE-2025-1801

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-1801

请登录查看更多情报信息。

CVE-2025-1801 - Red Hat Customer Portalvdb-entryx_refsource_REDHAT
2349081 – (CVE-2025-1801) CVE-2025-1801 aap-gateway: aap-gateway privilege escalationissue-trackingx_refsource_REDHAT
RHSA-2025:1954 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2025-1801

IV. Related Vulnerabilities

Same weakness: CWE-362

V. Comments for CVE-2025-1801

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-1801— Aap-gateway: aap-gateway privilege escalation

I. Basic Information for CVE-2025-1801

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-1801

III. Intelligence Information for CVE-2025-1801

IV. Related Vulnerabilities

V. Comments for CVE-2025-1801

Leave a comment