CVE-2025-9572
Last modified
CVE-2025-9572 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Foreman | >= 1.22.0, < 3.16.2 |
| Redhat | Satellite | 6.15 |
| Redhat | Satellite | 6.16 |
| Redhat | Satellite | 6.17 |
| Redhat | Satellite | 6.18 |
| Redhat | Satellite Capsule | 6.15 |
| Redhat | Satellite Capsule | 6.16 |
| Redhat | Satellite Capsule | 6.17 |
| Redhat | Satellite Capsule | 6.18 |
| Redhat | Enterprise Linux | 9.0 |
References
- https://access.redhat.com/errata/RHSA-2025:21886Third Party Advisory
- https://access.redhat.com/errata/RHSA-2025:21893Third Party Advisory
- https://access.redhat.com/errata/RHSA-2025:21894Third Party Advisory
- https://access.redhat.com/errata/RHSA-2025:21897Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-9572Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2391715Issue Tracking
- https://theforeman.org/security.html#2025-9572Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-9572?
How severe is CVE-2025-9572?
How do I fix CVE-2025-9572?
Are you affected by CVE-2025-9572?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST