CVE-2025-10622
📋 TL;DR
This vulnerability in Red Hat Satellite's Foreman component allows authenticated users with edit_settings permissions to execute arbitrary commands on the underlying operating system due to insufficient server-side validation of command whitelisting. It affects Red Hat Satellite deployments where users have edit_settings privileges. The flaw enables remote code execution with the privileges of the Foreman service.
💻 Affected Systems
- Red Hat Satellite
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with edit_settings permissions could gain full control of the Satellite server, potentially compromising the entire infrastructure management system and using it as a pivot point to attack managed systems.
Likely Case
Privileged users or compromised accounts with edit_settings permissions could execute arbitrary commands, potentially leading to data theft, service disruption, or lateral movement within the network.
If Mitigated
With proper access controls limiting edit_settings permissions to essential personnel only, the attack surface is significantly reduced, though the vulnerability remains present in the software.
🎯 Exploit Status
Exploitation requires authenticated access with specific permissions. The vulnerability is in command whitelisting validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific Red Hat Satellite versions in referenced advisories
Vendor Advisory: https://access.redhat.com/security/cve/CVE-2025-10622
Restart Required: Yes
Instructions:
1. Review Red Hat advisories RHSA-2025:19721, RHSA-2025:19832, RHSA-2025:19855, RHSA-2025:19856.
2. Apply the appropriate Satellite update for your version.
3. Restart Satellite services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict edit_settings permissions
Temporarily limit edit_settings permissions to only the users who absolutely need them until patching can be completed.
# Review and modify user permissions in Satellite web UI or via hammer CLI
🧯 If You Can't Patch
- Immediately review and restrict edit_settings permissions to minimal necessary users
- Implement network segmentation to isolate Satellite servers from critical infrastructure
🔍 How to Verify
Check if Vulnerable:
Check your Red Hat Satellite version against the affected versions in the Red Hat advisories
Check Version:
Run satellite-maintain health check --version, or check the version shown in the Satellite web UI
Verify Fix Applied:
Verify Satellite version is updated to a patched version listed in Red Hat advisories and test edit_settings functionality
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in Foreman logs
- Multiple failed permission escalation attempts
- Unexpected system commands from Satellite service account
Network Indicators:
- Unusual outbound connections from Satellite server
- Unexpected SSH or remote access attempts originating from Satellite
SIEM Query:
source="satellite.logs" AND ("command execution" OR "permission denied" OR "edit_settings")
🔗 References
- https://access.redhat.com/errata/RHSA-2025:19721
- https://access.redhat.com/errata/RHSA-2025:19832
- https://access.redhat.com/errata/RHSA-2025:19855
- https://access.redhat.com/errata/RHSA-2025:19856
- https://access.redhat.com/security/cve/CVE-2025-10622
- https://bugzilla.redhat.com/show_bug.cgi?id=2396020
- https://theforeman.org/security.html#2025-10622