ALAS2023-2025-1330

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1330
Advisory Released Date: 2026-01-07
Advisory Updated Date: 2026-01-07

Severity: Important

References: CVE-2025-14010
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access. (CVE-2025-14010)

Affected Packages:

ansible

Issue Correction:
Run dnf update ansible --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1330 --releasever 2023.10.20260105 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

noarch:
    ansible-8.3.0-1.amzn2023.0.2.noarch

src:
    ansible-8.3.0-1.amzn2023.0.2.src

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-14010

Mitre: CVE-2025-14010