ByteOS Network

NVD Vulnerability Details :

CVE-2025-9572

Awaiting Analysis

Source-secalert@redhat.com

Published At-27 Feb, 2026 | 08:17

Updated At-27 Feb, 2026 | 14:06

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.0	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	secalert@redhat.com

CWE ID: CWE-200

Type: Primary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2025:21886	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2025:21893	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2025:21894	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2025:21897	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/CVE-2025-9572	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2391715	secalert@redhat.com	N/A
https://theforeman.org/security.html#2025-9572	secalert@redhat.com	N/A