CVE-2025-1801
Published: 03 March 2025
Summary
CVE-2025-1801 is a high-severity Race Condition (CWE-362) vulnerability. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and AC-10 (Concurrent Session Control).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prevents unauthorized and unintended transfer of higher-privileged JWTs via shared resources in the gRPC proxy due to improper synchronization in concurrent request handling.
Enforces approved authorizations for access to system resources, directly addressing the race condition that bypasses privilege boundaries to steal JWTs.
Limits concurrent sessions to mitigate race conditions exploited by rapid concurrent requests from low-privileged users against the proxy.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The race condition vulnerability enables low-privileged users to exploit concurrent requests in the gRPC proxy to steal higher-privileged JWT access tokens, directly mapping to exploitation for privilege escalation and credential access via stealing application access tokens.
NVD Description
A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the…
more
JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.
Deeper analysisAI
CVE-2025-1801 is a concurrency vulnerability in the Ansible Automation Platform (AAP) gateway, specifically within its gRPC service. The flaw arises from race conditions triggered by concurrent requests against the proxy, as published on 2025-03-03. It has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization).
A low-privileged user can exploit this issue remotely over the network with low complexity and no user interaction required. By sending concurrent requests, the attacker can obtain a JSON Web Token (JWT) belonging to a higher-privileged user, potentially compromising server integrity, user sessions, or confidential data.
Red Hat advisories provide mitigation details, including errata RHSA-2025:1954, the CVE security page at https://access.redhat.com/security/cve/CVE-2025-1801, and Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2349081.
Details
- CWE(s)