Untriaged
Permalink
CVE-2025-2157
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.
References
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-2157 x_refsource_REDHAT vdb-entry
- RHBZ#2351092 issue-tracking x_refsource_REDHAT
Affected products
foreman
- ==6.17
- ==6.16
Package maintainers
-
@zimbatm zimbatm <zimbatm@zimbatm.com>