Dismissed
CVE-2025-10622
8.0 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @pyrox0
Activity log
- Created automatic suggestion
- @pyrox0 dismissed
Foreman: OS command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
References
- RHSA-2025:19721 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-10622 x_refsource_REDHAT vdb-entry
- RHBZ#2396020 issue-tracking x_refsource_REDHAT
- RHSA-2025:19832 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19855 x_refsource_REDHAT vendor-advisory
- RHSA-2025:19856 x_refsource_REDHAT vendor-advisory
- https://theforeman.org/security.html#2025-10622
Affected products
foreman
- <3.16.1
- *
satellite:el8/foreman
Package maintainers
- @zimbatm zimbatm <zimbatm@zimbatm.com>