Perforce Puppet Enterprise vulnerabilities

CVE-2025-10360 [MEDIUM] CWE-522 CVE-2025-10360: In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encryp

CVE-2025-5459 [HIGH] CWE-78 CVE-2025-5459: A user with specific node group editing permissions and a specially crafted class parameter could be A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.