Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Red Hat Ansible Automation Platform 2. 4 has multiple security vulnerabilities affecting its automation-controller and receptor components. These include denial of service issues caused by algorithmic complexity in XML deserialization, improper handling of highly compressed data, vulnerability to zip bomb attacks in HTTP parsing, and excessive resource consumption during certificate validation error handling. Red Hat has released updates addressing these vulnerabilities in automation-controller version 4. 5. 30 and receptor version 1. 6. 3. The advisory rates the security impact as Important and provides fixes for these issues. Users should apply the provided updates to mitigate the risks.
AI Analysis
Technical Summary
This advisory covers four security vulnerabilities in Red Hat Ansible Automation Platform 2.4: CVE-2025-64460 (algorithmic complexity in Django XML deserializer leading to denial of service), CVE-2025-66471 (urllib3 Streaming API mishandling highly compressed data), CVE-2025-69223 (AIOHTTP HTTP Parser auto_decompress feature vulnerable to zip bomb), and CVE-2025-61729 (receptor component suffers excessive resource consumption when printing error strings for host certificate validation). These issues can cause denial of service or resource exhaustion. Red Hat has provided updated packages for automation-controller (4.5.30) and receptor (1.6.3) that fix these vulnerabilities. The advisory includes additional bug fixes and improvements. The vulnerabilities affect multiple Red Hat Ansible Automation Platform 2.4 versions for RHEL 8 and 9 architectures.
Potential Impact
The vulnerabilities can lead to denial of service conditions or excessive resource consumption in the affected components of Red Hat Ansible Automation Platform 2.4. This may disrupt automation workflows or degrade system performance. No known exploits in the wild have been reported. The advisory rates the impact as Important (high severity).
Mitigation Recommendations
Red Hat has released updated packages for automation-controller (version 4.5.30) and receptor (version 1.6.3) that address these vulnerabilities. Users should apply these official updates as documented in the Red Hat Ansible Automation Platform 2.4 release notes and update guides. Patch status is confirmed by the vendor advisory. No additional mitigations are specified beyond applying the updates.
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Description
Red Hat Ansible Automation Platform 2. 4 has multiple security vulnerabilities affecting its automation-controller and receptor components. These include denial of service issues caused by algorithmic complexity in XML deserialization, improper handling of highly compressed data, vulnerability to zip bomb attacks in HTTP parsing, and excessive resource consumption during certificate validation error handling. Red Hat has released updates addressing these vulnerabilities in automation-controller version 4. 5. 30 and receptor version 1. 6. 3. The advisory rates the security impact as Important and provides fixes for these issues. Users should apply the provided updates to mitigate the risks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers four security vulnerabilities in Red Hat Ansible Automation Platform 2.4: CVE-2025-64460 (algorithmic complexity in Django XML deserializer leading to denial of service), CVE-2025-66471 (urllib3 Streaming API mishandling highly compressed data), CVE-2025-69223 (AIOHTTP HTTP Parser auto_decompress feature vulnerable to zip bomb), and CVE-2025-61729 (receptor component suffers excessive resource consumption when printing error strings for host certificate validation). These issues can cause denial of service or resource exhaustion. Red Hat has provided updated packages for automation-controller (4.5.30) and receptor (1.6.3) that fix these vulnerabilities. The advisory includes additional bug fixes and improvements. The vulnerabilities affect multiple Red Hat Ansible Automation Platform 2.4 versions for RHEL 8 and 9 architectures.
Potential Impact
The vulnerabilities can lead to denial of service conditions or excessive resource consumption in the affected components of Red Hat Ansible Automation Platform 2.4. This may disrupt automation workflows or degrade system performance. No known exploits in the wild have been reported. The advisory rates the impact as Important (high severity).
Mitigation Recommendations
Red Hat has released updated packages for automation-controller (version 4.5.30) and receptor (version 1.6.3) that address these vulnerabilities. Users should apply these official updates as documented in the Red Hat Ansible Automation Platform 2.4 release notes and update guides. Patch status is confirmed by the vendor advisory. No additional mitigations are specified beyond applying the updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:1497
- Cve Count
- 4
- Additional Cves
- ["CVE-2025-64460","CVE-2025-66471","CVE-2025-69223"]
- Cvss Version
- null
Threat ID: 6a160971e29bf47b50639edd
Added to database: 5/26/2026, 8:58:25 PM
Last enriched: 5/26/2026, 9:54:31 PM
Last updated: 5/27/2026, 4:50:48 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.