VDB

CVE-2025-10622

CVE-2025-10622 PUBLISHED CVSS 8 HIGH

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

EPSS 0.09% · 25.7th percentile

Risk Scores

CVSS 3.1
8
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.09%
25.7th percentile

Affected Products

VendorProductVersions
Red HatRed Hat Satellite 6.17 for RHEL 90:3.14.0.10-1.el9sat, 0:3.14.0.10-1.el9sat
The ForemanForeman3.12.0, 3.12.0
Red HatRed Hat Satellite 6.16 for RHEL 9*, 0:3.12.0.11-1.el9sat
Red HatRed Hat Satellite 6.16 for RHEL 80:3.12.0.11-1.el8sat, 0:3.12.0.11-1.el8sat
Red HatRed Hat Satellite 6
Red HatRed Hat Satellite 6.15 for RHEL 8*, 0:3.9.1.13-1.el8sat
Red HatRed Hat Satellite 6.18 for RHEL 90:3.16.0.4-1.el9sat, 0:3.16.0.4-1.el9sat

Timeline

  • Nov 5, 2025 EPSS Score
  • Nov 5, 2025 Coalition ESS Score
  • Nov 5, 2025 CVE Published
  • Nov 5, 2025 PoC Published
  • Nov 8, 2025 Coalition ESS Score
  • Nov 9, 2025 Coalition ESS Score
  • Nov 10, 2025 EPSS Score
  • Nov 13, 2025 Coalition ESS Score
  • Nov 16, 2025 EPSS Score
  • Nov 21, 2025 EPSS Score
  • Nov 27, 2025 EPSS Score
  • Nov 28, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›