CVE-2025-9572

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Foreman (affected versions not specified)

Description An authorization issue exists in Foreman’s GraphQL API. Low-privileged users can access metadata that they should not be able to view. The GraphQL endpoint does not enforce access controls correctly, resulting in an authorization bypass. This differs from the REST API, which properly enforces access controls. The vulnerable API endpoint is the GraphQL API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-200

Related Identifiers

CVE-2025-9572

RHSA-2025:21886

RHSA-2025:21893

RHSA-2025:21894

RHSA-2025:21897

Affected Products

Foreman

Red Hat Satellite 6.15 For Rhel 8

Red Hat Satellite 6.16 For Rhel 8

Red Hat Satellite 6.16 For Rhel 9

Red Hat Satellite 6.17 For Rhel 9

Red Hat Satellite 6.18 For Rhel 9

Enterprise Linux

Ruby-Foreman

Satellite

Satellite Capsule

Smart-Proxy

CVE-2025-9572

Weakness Enumeration

Related Identifiers

Affected Products

References · 16