CVE-2025-2157

Summary

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

Affected Software

VendorProductVersion RangeStatus
Red HatSatellite Server6.16affected
Red HatSatellite Server6.17affected

Weaknesses

  • CWE-922: Insecure Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References