CVE-2025-10622

Sažetak

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

Reference

https://access.redhat.com/errata/RHSA-2025:19721
https://access.redhat.com/security/cve/CVE-2025-10622
https://bugzilla.redhat.com/show_bug.cgi?id=2396020

CVSS

Base:	8.0
Impact:	6.0
Exploitability:	1.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

05-11-2025 - 08:15

Objavljeno

05-11-2025 - 08:15