Critical Vulnerability Information

Vulnerability Identifier
CVE ID: CVE-2025-7738

Impact Level
CVSS v3.0 Score: 4.4
Impact Level: Medium

Description
Vulnerability Description: In Ansible Automation Platform (AAP), there is a vulnerability where the Gateway service returns client keys in plaintext for certain GitHub Enterprise authenticators. This vulnerability affects administrators or operators accessing users with specific configurations. Although access is restricted, the exposure of OAuth2 client keys increases the risk of accidental disclosure.

Statement
Risk Assessment: The Red Hat Product Security team has assessed this issue as medium severity. The vulnerability is limited to authorized and highly privileged users (administrators and operators) and does not require user interaction. However, the plaintext exposure of OAuth2 client keys increases the risk of accidental disclosure or misuse, particularly in cases involving insider threats or compromised accounts.

Mitigation
Current Status: No mitigations are currently available that meet Red Hat Product Security standards, including usage and deployment scenarios, applicability to a broad installed base, and security.

Affected Packages and Red Hat Security Advisories
Product/Service: Ansible Automation Platform 2
Component: python3-django-social-login
Status: Under investigation

CVSS v3.0 Score Details
Attack Vector: Network
Attack Complexity: High
Required Privileges: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: Low
Availability Impact: None

Weakness Understanding (CWE)
CWE ID: CWE-312
Weakness Type: Storage of Sensitive Information in Plaintext
Technical Impact: Attackers can access sensitive information stored in plaintext within the system.