Vulnerability Description
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Community.General | - |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2025-14010Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418774Issue TrackingVendor Advisory
- https://github.com/ansible-collections/community.general/issues/11000
- https://github.com/ansible-collections/community.general/pull/11005
- https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v
- https://github.com/ansible-collections/community.general/issues/11000
FAQ
What is CVE-2025-14010?
CVE-2025-14010 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when ru...
How severe is CVE-2025-14010?
CVE-2025-14010 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14010?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Community.General.