Description

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

INFO

Published Date: 2026-02-27T07:28:44.391Z

Last Modified: 2026-03-24T11:28:32.518Z

Source: redhat

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-9572 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Satellite
  • Satellite Capsule
  • Satellite Utils
Theforeman
  • Foreman

CVSS Vulnerability Scoring System

CVSS vector metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.