CVE-2025-53861 - Vulnerability Details

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Ansible Automation Platform

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2025-53861
https://bugzilla.redhat.com/show_bug.cgi?id=2379360
https://nvd.nist.gov/vuln/detail/CVE-2025-53861
https://www.cve.org/CVERecord?id=CVE-2025-53861

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		epss `{'score': 9e-05}`

Fri, 11 Jul 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 11 Jul 2025 13:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.
Title	aap: Sensitive Cookie(s) Set Without Security Flags	Aap: sensitive cookie(s) set without security flags
First Time appeared		Redhat Redhat ansible Automation Platform
CPEs		cpe:/a:redhat:ansible_automation_platform:2
Vendors & Products		Redhat Redhat ansible Automation Platform
References		https://access.redhat.com/security/cve/CVE-2025-53861 https://bugzilla.redhat.com/show_bug.cgi?id=2379360

Fri, 11 Jul 2025 00:15:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		aap: Sensitive Cookie(s) Set Without Security Flags
Weaknesses		CWE-319
References		https://nvd.nist.gov/vuln/detail/CVE-2025-53861 https://www.cve.org/CVERecord?id=CVE-2025-53861
Metrics	threat_severity `None`	cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'}` threat_severity `Low`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-07-11T12:44:17.837Z

Updated: 2025-07-11T13:19:51.710Z

Reserved: 2025-07-10T19:20:35.738Z

Link: CVE-2025-53861

Vulnrichment

Updated: 2025-07-11T13:19:35.501Z

NVD

Status : Awaiting Analysis

Published: 2025-07-11T13:15:59.160

Modified: 2025-07-15T13:14:49.980

Link: CVE-2025-53861

Redhat

Severity : Low

Publid Date: 2025-07-10T00:00:00Z

Links: CVE-2025-53861 - Bugzilla

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object