CVE-2025-53861 — LOW (3.1) — White Hats Nepal

Vulnerability Description

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

CVSS Score

3.1

LOW

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Ansible Automation Platform	2.0

Related Weaknesses (CWE)

CWE-319

References

https://access.redhat.com/security/cve/CVE-2025-53861Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2379360Issue Tracking

FAQ

What is CVE-2025-53861?

CVE-2025-53861 is a vulnerability with a CVSS score of 3.1 (LOW). A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read...

How severe is CVE-2025-53861?

CVE-2025-53861 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-53861?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ansible Automation Platform.