An update is now available for Red Hat Ansible Automation Platform 2.5

Red Hat Ansible Automation Platform provides an enterprise framework for
 building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* ansible-lightspeed-container: Jinja sandbox breakout through attr filter
 selecting format method (CVE-2025-27516)
* ansible-lightspeed-container: Potential denial-of-service vulnerability in
 django.utils.text.wrap() (CVE-2025-26699)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Update(s) and Fix(es):
* Legacy Controller API info link on the Controller redirect page is now fixed
 (AAP-41510)
* AAP Backups no longer fail when writing yaml to the PVC on Openshift clusters
 with Openshift Virtualization installed (AAP-28609)
* The ansible.controller collection has been updated to 4.6.10
* The ansible.platform collection has been updated to 2.5.20250326

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-26699: Uncontrolled Resource Consumption (CWE-400)
CVE-2025-27516: Improper Neutralization of Special Elements Used in a Template
 Engine (CWE-1336)