DEBIAN-CVE-2025-14010

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-14010
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14010.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-14010
Upstream
  • CVE-2025-14010
Published
2025-12-04T10:16:00.810Z
Modified
2026-01-25T21:15:42.937473Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.

References

Affected packages

Debian:13 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.0+dfsg-0+deb13u1

Affected versions

12.*
12.0.0~a6+dfsg-1
12.0.0~b1+dfsg-1
12.0.0~b2+dfsg-1
12.0.0~b3+dfsg-1
12.0.0~b5+dfsg-0+deb13u1
12.0.0~b5+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14010.json"

Debian:14 / ansible

Package

Name
ansible
Purl
pkg:deb/debian/ansible?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.2.0+dfsg-1

Affected versions

12.*
12.0.0~a6+dfsg-1
12.0.0~b1+dfsg-1
12.0.0~b2+dfsg-1
12.0.0~b3+dfsg-1
12.0.0~b5+dfsg-1
12.0.0+dfsg-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source 
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-14010.json"