CVE-2025-14010
Publication date 5 December 2025
Last updated 5 December 2025
Ubuntu priority
Description
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ansible | 25.10 questing |
Needs evaluation
|
| 25.04 plucky |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
|
| ansible-core | 25.10 questing |
Needs evaluation
|
| 25.04 plucky |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-14010
- https://bugzilla.redhat.com/show_bug.cgi?id=2418774
- https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes
- https://github.com/ansible-collections/community.general/issues/11000
- https://github.com/ansible-collections/community.general/pull/11005
- https://access.redhat.com/security/cve/CVE-2025-14010