CVE-2025-10622

HIGH LAB

Red Hat Satellite - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-10622. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2025-10622, an OS command injection vulnerability in Foreman (3.12.0-3.16.0). The PoC demonstrates how an authenticated attacker can bypass client-side validation of transpiler settings to execute arbitrary commands via the Foreman process user.

Description

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

Exploits (1)

github WORKING POC

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-10622

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2025-10622, an OS command injection vulnerability in Foreman (3.12.0-3.16.0). The PoC demonstrates how an authenticated attacker can bypass client-side validation of transpiler settings to execute arbitrary commands via the Foreman process user.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Foreman (3.12.0 through 3.16.0)

Auth required

Prerequisites: authenticated access to Foreman with edit_settings permission · network access to Foreman API

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (7)

Core 7

Core References

Various Sources

https://theforeman.org/security.html#2025-10622

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19721

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19832

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19855

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19856

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-10622

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2396020

Related Analysis

Foreman & Telnetd

Scores

CVSS v3 8.0

EPSS 0.0010

EPSS Percentile 26.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Lab Environment

EIP LAB

vulnerable docker pull ghcr.io/exploitintel/cve-2025-10622-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-78

Status published

Products (7)

Red Hat/Red Hat Satellite 6

Red Hat/Red Hat Satellite 6.15 for RHEL 8 0:3.9.1.13-1.el8sat

Red Hat/Red Hat Satellite 6.16 for RHEL 8 0:3.12.0.11-1.el8sat

Red Hat/Red Hat Satellite 6.16 for RHEL 9 0:3.12.0.11-1.el9sat

Red Hat/Red Hat Satellite 6.17 for RHEL 9 0:3.14.0.10-1.el9sat

Red Hat/Red Hat Satellite 6.18 for RHEL 9 0:3.16.0.4-1.el9sat

The Foreman/Foreman 3.12.0 - 3.16.1

Published Nov 05, 2025

Tracked Since Feb 18, 2026