CVE-2025-10622 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-10622 PUBLISHED CVSS 8 HIGH

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

EPSS 0.15% · 34.8th percentile

Risk Scores

CVSS v3.1

8

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.15%

34.8th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Satellite 6.17 for RHEL 9	0:3.14.0.10-1.el9sat, 0:3.14.0.10-1.el9sat
The Foreman	Foreman	3.12.0, 3.12.0
Red Hat	Red Hat Satellite 6.16 for RHEL 9	0:3.12.0.11-1.el9sat, *
Red Hat	Red Hat Satellite 6.16 for RHEL 8	0:3.12.0.11-1.el8sat, 0:3.12.0.11-1.el8sat
Red Hat	Red Hat Satellite 6
Red Hat	Red Hat Satellite 6.15 for RHEL 8	0:3.9.1.13-1.el8sat, *
Red Hat	Red Hat Satellite 6.18 for RHEL 9	0:3.16.0.4-1.el9sat, 0:3.16.0.4-1.el9sat

Timeline

Nov 5, 2025 EPSS Score
Nov 5, 2025 Coalition ESS Score
Nov 5, 2025 CVE Published
Nov 5, 2025 PoC Published
Nov 8, 2025 Coalition ESS Score
Nov 9, 2025 Coalition ESS Score
Nov 10, 2025 EPSS Score
Nov 13, 2025 Coalition ESS Score
Nov 15, 2025 EPSS Score
Nov 19, 2025 EPSS Score
Nov 24, 2025 EPSS Score
Nov 28, 2025 Coalition ESS Score

References

RHSA-2025:19721 vendor-advisory
RHSA-2025:19832 vendor-advisory
RHSA-2025:19855 vendor-advisory
RHSA-2025:19856 vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-10622 vdb
RHBZ#2396020 issue
https://theforeman.org/security.html#2025-10622 url
https://nvd.nist.gov/vuln/detail/CVE-2025-10622 advisory

Open in Interactive Console →