Unrated severityNVD Advisory· Published Jun 26, 2025· Updated Jul 3, 2025
OS Command Injection
CVE-2025-5459
Description
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
Affected products
2- Range: >=2018.1.8 <=2023.8.3, =2025.3
- Perforce/Puppet Enterprisev5Range: 2018.1.8
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.