This security advisory from Red Hat addresses critical vulnerabilities in Red Hat Ansible Automation Platform 2.6 container release. The vulnerabilities involve improper authorization and unsafe deserialization, which could potentially allow unauthorized actions or code execution within the automation platform. The advisory references two CVEs (CVE-2025-14025 and CVE-2025-68664) and categorizes the issues under CWE-279 and CWE-502. Red Hat recommends applying the update after ensuring all prior errata are applied. The advisory does not provide detailed technical exploitation information or CVSS metrics but classifies the issue as critical. No known exploits have been reported in the wild, and the update is available through Red Hat's official channels.

The vulnerabilities could allow unauthorized access or unsafe processing of untrusted data within the Red Hat Ansible Automation Platform 2.6, potentially compromising the integrity or security of automation workflows. Given the critical severity assigned by Red Hat, exploitation could lead to significant impact on enterprise automation environments. However, no active exploits have been observed in the wild, and the exact impact depends on the deployment context and usage of the platform.

Red Hat has released an update for Red Hat Ansible Automation Platform 2.6 that addresses these vulnerabilities. Users should apply this update promptly after confirming that all previously released errata relevant to their system have been installed. Detailed upgrade instructions are available in Red Hat's official documentation. Since this is not a cloud service, remediation is the responsibility of the system administrators. No additional mitigation steps are specified in the advisory.