VDB
CVE-2025-10622
CVE-2025-10622
PUBLISHED
CVSS 8 HIGH
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
EPSS 0.09% · 25.7th percentile
Risk Scores
CVSS 3.1
8
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.09%
25.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Satellite 6.17 for RHEL 9 | 0:3.14.0.10-1.el9sat, 0:3.14.0.10-1.el9sat |
| The Foreman | Foreman | 3.12.0, 3.12.0 |
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 | *, 0:3.12.0.11-1.el9sat |
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 | 0:3.12.0.11-1.el8sat, 0:3.12.0.11-1.el8sat |
| Red Hat | Red Hat Satellite 6 | |
| Red Hat | Red Hat Satellite 6.15 for RHEL 8 | *, 0:3.9.1.13-1.el8sat |
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 | 0:3.16.0.4-1.el9sat, 0:3.16.0.4-1.el9sat |
Exploit Intelligence
- CIRCL seen: CVE-2025-10622 (circl-sighting)
- RHSA-2025:19721 (circl)
- RHSA-2025:19832 (circl)
- RHSA-2025:19855 (circl)
- RHSA-2025:19856 (circl)
- https://access.redhat.com/security/cve/CVE-2025-10622 (circl)
- RHBZ#2396020 (circl)
- https://theforeman.org/security.html#2025-10622 (circl)
Timeline
- Nov 5, 2025 EPSS Score
- Nov 5, 2025 Coalition ESS Score
- Nov 5, 2025 CVE Published
- Nov 5, 2025 PoC Published
- Nov 8, 2025 Coalition ESS Score
- Nov 9, 2025 Coalition ESS Score
- Nov 10, 2025 EPSS Score
- Nov 13, 2025 Coalition ESS Score
- Nov 16, 2025 EPSS Score
- Nov 21, 2025 EPSS Score
- Nov 27, 2025 EPSS Score
- Nov 28, 2025 Coalition ESS Score
References
- RHSA-2025:19721 vendor-advisory
- RHSA-2025:19832 vendor-advisory
- RHSA-2025:19855 vendor-advisory
- RHSA-2025:19856 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-10622 vdb
- RHBZ#2396020 issue
- https://theforeman.org/security.html#2025-10622 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-10622 advisory