Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for by The Foreman

CVE-2025-10622 (GCVE-0-2025-10622)

Vulnerability from cvelistv5

Published

2025-11-05 07:32

Modified

2025-12-23 22:46

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-602 - Client-Side Enforcement of Server-Side Security

Summary

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:19721	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19832	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19855	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19856	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-10622	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2396020	issue-tracking, x_refsource_REDHAT
	https://theforeman.org/security.html#2025-10622

Impacted products

Vendor

Product

Version

The Foreman

Foreman

Version: 3.12.0 ≤

Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 0:3.9.1.13-1.el8sat < * cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 0:3.12.0.11-1.el8sat < * cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 0:3.12.0.11-1.el9sat < * cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8
Red Hat	Red Hat Satellite 6.17 for RHEL 9	Unaffected: 0:3.14.0.10-1.el9sat < * cpe:/a:redhat:satellite_capsule:6.17::el9 cpe:/a:redhat:satellite_utils:6.17::el9 cpe:/a:redhat:satellite_maintenance:6.17::el9 cpe:/a:redhat:satellite:6.17::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:3.16.0.4-1.el9sat < * cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 cpe:/a:redhat:satellite_maintenance:6.18::el9
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-06T04:55:32.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/foreman",
          "defaultStatus": "unaffected",
          "packageName": "foreman",
          "product": "Foreman",
          "vendor": "The Foreman",
          "versions": [
            {
              "lessThan": "3.16.1",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.9.1.13-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.11-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite_utils:6.16::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.11-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.17::el9",
            "cpe:/a:redhat:satellite_utils:6.17::el9",
            "cpe:/a:redhat:satellite_maintenance:6.17::el9",
            "cpe:/a:redhat:satellite:6.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.17 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0.10-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.18::el9",
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9",
            "cpe:/a:redhat:satellite_maintenance:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.16.0.4-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite:el8/foreman",
          "product": "Red Hat Satellite 6",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Micha\u0142 Bartoszuk (stmcyber.pl) for reporting this issue."
        }
      ],
      "datePublic": "2025-11-01T23:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-602",
              "description": "Client-Side Enforcement of Server-Side Security",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T22:46:08.633Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:19721",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19721"
        },
        {
          "name": "RHSA-2025:19832",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19832"
        },
        {
          "name": "RHSA-2025:19855",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19855"
        },
        {
          "name": "RHSA-2025:19856",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:19856"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-10622"
        },
        {
          "name": "RHBZ#2396020",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396020"
        },
        {
          "url": "https://theforeman.org/security.html#2025-10622"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-17T09:07:39.743000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-11-01T23:59:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Foreman: os command injection via ct_location and fcct_location parameters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "(CWE-78|CWE-602): Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) or Client-Side Enforcement of Server-Side Security"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-10622",
    "datePublished": "2025-11-05T07:32:14.390Z",
    "dateReserved": "2025-09-17T11:48:59.825Z",
    "dateUpdated": "2025-12-23T22:46:08.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}