Unrated severity · NVD Advisory · Published Feb 27, 2026 · Updated Mar 24, 2026
Foreman: Satellite: GraphQL API permission bypass leads to information disclosure
CVE-2025-9572
Description
An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.
Affected products (6)
- Red Hat/Red Hat Satellite 6.15 for RHEL 8 (v5), CPE: cpe:/a:redhat:satellite:6.15::el8, Range: 0:6.15.5.7-1.el8sat
- Red Hat/Red Hat Satellite 6.17 for RHEL 9 (v5), CPE: cpe:/a:redhat:satellite_capsule:6.17::el9, Range: 0:3.14.0.11-1.el9sat
- Red Hat/Red Hat Satellite 6.18 for RHEL 9 (v5), CPE: cpe:/a:redhat:satellite_capsule:6.18::el9, Range: 0:6.18.1-1.el9sat
- Red Hat/Red Hat Satellite 6.16 for RHEL 9 (v5), CPE: cpe:/a:redhat:satellite_utils:6.16::el8, Range: 0:6.16.5.6-1.el9sat
- (no CPE)
- (no CPE), Range: 1.22.0
References (7)
- access.redhat.com/errata/RHSA-2025:21886 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2025:21893 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2025:21894 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2025:21897 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2025-9572 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- theforeman.org/security.html (mitre)