CVE-2025-14010

Published: Dec 4, 2025Modified: May 20, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

Affected (1)

Products: Redhat: Community.general

1 product

Community.general

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Community.general	All versions

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

https://access.redhat.com/security/cve/CVE-2025-14010

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2418774

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://github.com/ansible-collections/community.general/issues/11000

Source: secalert@redhat.com

https://github.com/ansible-collections/community.general/pull/11005

Source: secalert@redhat.com

https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes

Source: secalert@redhat.com

https://github.com/ansible-collections/community.general/issues/11000

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.