CVE-2025-2877

MEDIUM Year: 2025
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-1295
View all →

Vulnerability Description

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.

Related Vulnerabilities

CVE-2025-20643

MEDIUM
CVSS:5.7(Medium)

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has...

CWE-12952025

CVE-2023-4215

HIGH
CVSS:7.5(High)

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.

CWE-12952023

CVE-2023-5392

HIGH
CVSS:7.5(High)

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the pro...

CWE-12952023

CVE-2024-45784

HIGH
CVSS:7.5(High)

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionall...

CWE-12952024

CVE-2025-31001

HIGH
CVSS:7.5(High)

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1.

CWE-12952025

CVE-2021-31412

MEDIUM
CVSS:5.3(Medium)

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), ...

CWE-12952021