How to fix CVE-2025-53861?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is Ansible. Sensitive affected by CVE-2025-53861?

CVE-2025-53861 is a low-severity vulnerability in A flaw (CVSS 3.1). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

Ansible. Sensitive CVE-2025-53861

EUVD-2025-21136 LOW

Cleartext Transmission of Sensitive Information (CWE-319)

2025-07-11 [email protected]

XSS

3.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 08:17 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 08:17 euvd

EUVD-2025-21136

CVE Published

Jul 11, 2025 - 13:15 nvd

LOW 3.1

DescriptionNVD

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

Analysis

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding. This vulnerability is classified as Cleartext Transmission of Sensitive Information (CWE-319).

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

CVE-2025-53861 vulnerability details – vuln.today

Back

Ansible. Sensitive CVE-2025-53861

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code