CVE-2025-53861

CWE-319 — Cleartext Transmission5 documents5 sources

Severity

3.1LOW

EPSS

0.0%

top 97.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ansible Automation Platform

Timeline

PublishedJul 11

Description

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages1 packages

▶NVDredhat/ansible_automation_platform2.0

🔴Vulnerability Details

GHSA

GHSA-3f47-vg2x-225m: A flaw was found in Ansible↗2025-07-11

▶

CVEList

Aap: sensitive cookie(s) set without security flags↗2025-07-11

▶

📋Vendor Advisories

Red Hat

aap: Sensitive Cookie(s) Set Without Security Flags↗2025-07-10

▶