The Foreman Foreman vulnerabilities

CVE-2025-9572 [MEDIUM] CWE-863 CVE-2025-9572: n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

CVE-2025-10622 [HIGH] CWE-78 CVE-2025-10622: A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticate A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.