πŸ” CVE Alert

CVE-2025-2157

LOW 3.3

Foreman: disclosure of executed commands and outputs in Foreman / Red Hat Satellite

CVSS Score: 3.3
EPSS Score: 0.0%
EPSS Percentile: 0th

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

CWE: CWE-922
Vendor: Red Hat
Product: Satellite Server
Published: Mar 15, 2025
Last Updated: Nov 21, 2025

CVSS v3 Breakdown

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Affected Versions

Red Hat / Satellite Server: 6.16, 6.17
Red Hat / Red Hat Satellite 6: All versions affected

References

access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-2157
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2351092

Credits

Red Hat would like to thank Fabian Würfl (SEC Consult Vulnerability Lab) for reporting this issue.