CVE-2025-9572 | Vulnerability Database

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

foreman: Satellite: GraphQL API permission bypass leads to information disclosure

Mitigation

Mitigation for this issue is either not available or the currently available options don’t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected Software List

Name	Vendor	Version
Red Hat Satellite 6.15 for RHEL 8	RedHat	foreman-0:3.9.1.14-1.el8sat
Red Hat Satellite 6.15 for RHEL 8	RedHat	satellite-0:6.15.5.7-1.el8sat
Red Hat Satellite 6.16 for RHEL 8	RedHat	foreman-0:3.12.0.12-1.el8sat
Red Hat Satellite 6.16 for RHEL 8	RedHat	satellite-0:6.16.5.6-1.el8sat
Red Hat Satellite 6.16 for RHEL 9	RedHat	foreman-0:3.12.0.12-1.el9sat
Red Hat Satellite 6.16 for RHEL 9	RedHat	satellite-0:6.16.5.6-1.el9sat
Red Hat Satellite 6.17 for RHEL 9	RedHat	foreman-0:3.14.0.11-1.el9sat
Red Hat Satellite 6.18 for RHEL 9	RedHat	foreman-0:3.16.0.7-1.el9sat
Red Hat Satellite 6.18 for RHEL 9	RedHat	rubygem-katello-0:4.18.0.4-1.el9sat
Red Hat Satellite 6.18 for RHEL 9	RedHat	satellite-0:6.18.1-1.el9sat

Ubuntu

[Unknown description]

Affected Software List

Name	Vendor	Version
Ruby-foreman	Ubuntu/devel	TBD
Ruby-foreman	Ubuntu/esm-apps/bionic	TBD
Ruby-foreman	Ubuntu/esm-apps/focal	TBD
Ruby-foreman	Ubuntu/esm-apps/jammy	TBD
Ruby-foreman	Ubuntu/jammy	TBD
Ruby-foreman	Ubuntu/noble	TBD
Ruby-foreman	Ubuntu/plucky	end of life, was needs-triage
Ruby-foreman	Ubuntu/questing	TBD
Ruby-foreman	Ubuntu/esm-apps/noble	TBD
Ruby-foreman	Ubuntu/esm-apps/xenial	TBD
Ruby-foreman	Ubuntu/upstream	TBD