{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:32:15.374","vulnerabilities":[{"cve":{"id":"CVE-2025-9572","sourceIdentifier":"secalert@redhat.com","published":"2026-02-27T08:17:06.373","lastModified":"2026-03-24T12:16:12.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass."},{"lang":"es","value":"Una falla de autorización en la API GraphQL de Foreman permite a usuarios con bajos privilegios acceder a metadatos más allá de sus permisos asignados. A diferencia de la API REST, que aplica correctamente los controles de acceso, el endpoint GraphQL no aplica un filtrado adecuado, lo que lleva a una omisión de autorización."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*","versionStartIncluding":"1.22.0","versionEndExcluding":"3.16.2","matchCriteriaId":"1D99F6FA-1E2E-4914-A644-C114F9780C16"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.15:*:*:*:*:*:*:*","matchCriteriaId":"1F12DC81-33E9-4693-8636-7A1AD20D5CA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.16:*:*:*:*:*:*:*","matchCriteriaId":"DD7B59EF-75E0-41FE-A5D6-BCE41107E2D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.17:*:*:*:*:*:*:*","matchCriteriaId":"342183ED-1495-4481-9164-B3ED8424B618"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:6.18:*:*:*:*:*:*:*","matchCriteriaId":"C2205338-7476-46DC-ABB2-52F0BBAAD01D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite_capsule:6.15:*:*:*:*:*:*:*","matchCriteriaId":"142F6FF2-B450-4309-B56A-6B8C0640E2D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite_capsule:6.16:*:*:*:*:*:*:*","matchCriteriaId":"EB9D21EC-ABF6-49AC-A353-5A5BEAA5EE03"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite_capsule:6.17:*:*:*:*:*:*:*","matchCriteriaId":"0C3723A5-FB16-4259-BABF-918506E2CF05"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite_capsule:6.18:*:*:*:*:*:*:*","matchCriteriaId":"D9B1769A-37F4-40CB-B613-7B60C4F63D4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:21886","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:21893","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:21894","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2025:21897","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-9572","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2391715","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://theforeman.org/security.html#2025-9572","source":"secalert@redhat.com","tags":["Vendor Advisory"]}]}}]}