Vulnerability-Lookup

FKIE_CVE-2025-9572

Vulnerability from fkie_nvd - Published: 2026-02-27 08:17 - Updated: 2026-03-24 12:16

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:21886	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:21893	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:21894	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:21897	Third Party Advisory
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-9572	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2391715	Issue Tracking
secalert@redhat.com	https://theforeman.org/security.html#2025-9572	Vendor Advisory

Impacted products

Vendor	Product	Version
theforeman	foreman	*
redhat	satellite	6.15
redhat	satellite	6.16
redhat	satellite	6.17
redhat	satellite	6.18
redhat	satellite_capsule	6.15
redhat	satellite_capsule	6.16
redhat	satellite_capsule	6.17
redhat	satellite_capsule	6.18
redhat	enterprise_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D99F6FA-1E2E-4914-A644-C114F9780C16",
              "versionEndExcluding": "3.16.2",
              "versionStartIncluding": "1.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F12DC81-33E9-4693-8636-7A1AD20D5CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7B59EF-75E0-41FE-A5D6-BCE41107E2D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "342183ED-1495-4481-9164-B3ED8424B618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2205338-7476-46DC-ABB2-52F0BBAAD01D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite_capsule:6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "142F6FF2-B450-4309-B56A-6B8C0640E2D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite_capsule:6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9D21EC-ABF6-49AC-A353-5A5BEAA5EE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite_capsule:6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3723A5-FB16-4259-BABF-918506E2CF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite_capsule:6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B1769A-37F4-40CB-B613-7B60C4F63D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "n authorization flaw in Foreman\u0027s GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass."
    },
    {
      "lang": "es",
      "value": "Una falla de autorizaci\u00f3n en la API GraphQL de Foreman permite a usuarios con bajos privilegios acceder a metadatos m\u00e1s all\u00e1 de sus permisos asignados. A diferencia de la API REST, que aplica correctamente los controles de acceso, el endpoint GraphQL no aplica un filtrado adecuado, lo que lleva a una omisi\u00f3n de autorizaci\u00f3n."
    }
  ],
  "id": "CVE-2025-9572",
  "lastModified": "2026-03-24T12:16:12.680",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 1.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-27T08:17:06.373",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:21886"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:21893"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:21894"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:21897"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2025-9572"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391715"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://theforeman.org/security.html#2025-9572"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CVE-2025-9572 (GCVE-0-2025-9572)

Vulnerability from cvelistv5 – Published: 2026-02-27 07:28 – Updated: 2026-03-24 11:28

Title

Foreman: satellite: graphql api permission bypass leads to information disclosure

Summary

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-863 - Incorrect Authorization

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:21886	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21893	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21894	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21897	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-9572	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2391715	issue-trackingx_refsource_REDHAT
	https://theforeman.org/security.html#2025-9572

Impacted products

Vendor

Product

Version

The Foreman

Foreman

Affected: 1.22.0 , < 3.16.2 (semver)

Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 0:3.9.1.14-1.el8sat , < * (rpm) cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Red Hat	Red Hat Satellite 6.15 for RHEL 8	Unaffected: 0:6.15.5.7-1.el8sat , < * (rpm) cpe:/a:redhat:satellite:6.15::el8 cpe:/a:redhat:satellite_utils:6.15::el8 cpe:/a:redhat:satellite_capsule:6.15::el8
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 0:3.12.0.12-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 8	Unaffected: 0:6.16.5.6-1.el8sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 0:3.12.0.12-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9
Red Hat	Red Hat Satellite 6.16 for RHEL 9	Unaffected: 0:6.16.5.6-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_utils:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite:6.16::el9
Red Hat	Red Hat Satellite 6.17 for RHEL 9	Unaffected: 0:3.14.0.11-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.17::el9 cpe:/a:redhat:satellite:6.17::el9 cpe:/a:redhat:satellite_utils:6.17::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:3.16.0.7-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:4.18.0.4-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9
Red Hat	Red Hat Satellite 6.18 for RHEL 9	Unaffected: 0:6.18.1-1.el9sat , < * (rpm) cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9

Date Public ?

2025-08-29 06:12

Credits

Red Hat would like to thank Ohad Levy (Redhat) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9572",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T18:42:27.523966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T18:42:37.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/theforeman/foreman",
          "defaultStatus": "unaffected",
          "packageName": "foreman",
          "product": "Foreman",
          "vendor": "The Foreman",
          "versions": [
            {
              "lessThan": "3.16.2",
              "status": "affected",
              "version": "1.22.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.9.1.14-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.15.5.7-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.12-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.16 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.16.5.6-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.12.0.12-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.16::el8",
            "cpe:/a:redhat:satellite_capsule:6.16::el9",
            "cpe:/a:redhat:satellite_utils:6.16::el9",
            "cpe:/a:redhat:satellite_capsule:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el8",
            "cpe:/a:redhat:satellite:6.16::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.16 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.16.5.6-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.17::el9",
            "cpe:/a:redhat:satellite:6.17::el9",
            "cpe:/a:redhat:satellite_utils:6.17::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.17 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0.11-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.16.0.7-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rubygem-katello",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0.4-1.el9sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_capsule:6.18::el9",
            "cpe:/a:redhat:satellite:6.18::el9",
            "cpe:/a:redhat:satellite_utils:6.18::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "satellite",
          "product": "Red Hat Satellite 6.18 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.18.1-1.el9sat",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ohad Levy (Redhat) for reporting this issue."
        }
      ],
      "datePublic": "2025-08-29T06:12:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "n authorization flaw in Foreman\u0027s GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:28:32.518Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21886"
        },
        {
          "name": "RHSA-2025:21893",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21893"
        },
        {
          "name": "RHSA-2025:21894",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21894"
        },
        {
          "name": "RHSA-2025:21897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21897"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-9572"
        },
        {
          "name": "RHBZ#2391715",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391715"
        },
        {
          "url": "https://theforeman.org/security.html#2025-9572"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-29T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-08-29T06:12:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Foreman: satellite: graphql api permission bypass leads to information disclosure",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-863: Incorrect Authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-9572",
    "datePublished": "2026-02-27T07:28:44.391Z",
    "dateReserved": "2025-08-28T08:47:45.693Z",
    "dateUpdated": "2026-03-24T11:28:32.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-9572

CVE-2025-9572 (GCVE-0-2025-9572)

Tags

Sightings

Nomenclature