Puppet · Puppet Enterprise · CVE-2025-5459
Name of the Vulnerable Software and Affected Versions:
Puppet Enterprise versions 2018.1.8 through 2023.8.3
Puppet Enterprise version 2025.3
Description:
A user with specific node group editing permissions could use a specially crafted class parameter to execute commands as root on the primary host.
Recommendations:
For Puppet Enterprise versions 2018.1.8 through 2023.8.3, update to version 2023.8.4.
For Puppet Enterprise version 2025.3, update to version 2025.4.0.