CVE-2025-10622
Foreman: os command injection via ct_location and fcct_location parameters
| CVSS Score | 8.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
| CWE | CWE-78 |
| Vendor | The Foreman |
| Product | foreman |
| Published | Nov 5, 2025 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
| The Foreman / Foreman | 3.12.0 < 3.16.1 |
| Red Hat / Red Hat Satellite 6.15 for RHEL 8 | All versions affected |
| Red Hat / Red Hat Satellite 6.16 for RHEL 8 | All versions affected |
| Red Hat / Red Hat Satellite 6.16 for RHEL 9 | All versions affected |
| Red Hat / Red Hat Satellite 6.17 for RHEL 9 | All versions affected |
| Red Hat / Red Hat Satellite 6.18 for RHEL 9 | All versions affected |
| Red Hat / Red Hat Satellite 6 | All versions affected |
References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19721
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19832
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19855
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:19856
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-10622
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2396020
theforeman.org: https://theforeman.org/security.html#2025-10622
Credits
Red Hat would like to thank Michał Bartoszuk (stmcyber.pl) for reporting this issue.