{
  "threat_severity" : "Important",
  "public_date" : "2025-11-01T23:59:00Z",
  "bugzilla" : {
    "description" : "foreman: OS command injection via ct_location and fcct_location parameters",
    "id" : "2396020",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396020"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-78",
  "details" : [ "A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.", "A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting." ],
  "statement" : "This vulnerability is rated Important for Red Hat Satellite due to an OS command injection flaw in the Foreman component. An authenticated user with `edit_settings` permissions can bypass client-side whitelisting for `ct_location` and `fcct_location` parameters, leading to arbitrary command execution on the underlying operating system. This affects Red Hat Satellite versions 6.15, 6.16, 6.17, and 6.18.",
  "acknowledgement" : "Red Hat would like to thank Michał Bartoszuk (stmcyber.pl) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Satellite 6.15 for RHEL 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19856",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.15::el8",
    "package" : "foreman-0:3.9.1.13-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 8",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19855",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.16::el8",
    "package" : "foreman-0:3.12.0.11-1.el8sat"
  }, {
    "product_name" : "Red Hat Satellite 6.16 for RHEL 9",
    "release_date" : "2025-11-06T00:00:00Z",
    "advisory" : "RHSA-2025:19855",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.16::el9",
    "package" : "foreman-0:3.12.0.11-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.17 for RHEL 9",
    "release_date" : "2025-11-05T00:00:00Z",
    "advisory" : "RHSA-2025:19832",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.17::el9",
    "package" : "foreman-0:3.14.0.10-1.el9sat"
  }, {
    "product_name" : "Red Hat Satellite 6.18 for RHEL 9",
    "release_date" : "2025-11-04T00:00:00Z",
    "advisory" : "RHSA-2025:19721",
    "cpe" : "cpe:/a:redhat:satellite_utils:6.18::el9",
    "package" : "foreman-0:3.16.0.4-1.el9sat"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Affected",
    "package_name" : "satellite:el8/foreman",
    "cpe" : "cpe:/a:redhat:satellite:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-10622\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10622\nhttps://theforeman.org/security.html#2025-10622" ],
  "name" : "CVE-2025-10622",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}