Bug ID: 2418785
CVE Identifier: CVE-2025-14025
Summary: ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions
Reported Date: 2025-12-04 12:33 UTC
Modified Date: 2026-01-08 14:09 UTC
Status: NEW
Priority: high
Severity: high
Product: Security Response
Component: vulnerability
Assignee: Product Security DevOps Team

Description:
- A read-only Personal Access Token (PAT) created on Gateway can perform write operations on the Controller component despite its read-only configuration. Although the operation fails when creating a new team in Gateway, the read-only scope of the token is effectively ignored. This situation does not qualify as a true privilege escalation since the user creating the token had admin rights.

Fixed In:
- Red Hat Ansible Automation Platform 2.6 for RHEL 9
- Red Hat Ansible Automation Platform 2.5 for RHEL 8
- Red Hat Ansible Automation Platform 2.5 for RHEL 9

Errata:
- RHSA-2026:0360
- RHSA-2026:0361