CVE-2025-5988 MEDIUM

CVE-2025-5988: Aap-gateway: csrf origin checking is disabled

Weakness CWE-352 · CSRF

Published August 4, 2025

Last update November 7, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.

Key dates

02Disclosure timeline

August 4, 2025 CVE published

November 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5988 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-28941 WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-32102 WordPress Crony Cronjob Manager plugin <= 0.5.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2022-2381 E Unlocked - Student Result <= 1.0.4 - Arbitrary File Upload via CSRF CVE-2024-13555 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation CVE-2022-2353 Cross-Site Request Forgery (CSRF) in microweber/microweber