CVE-2025-2157

March 15, 2025, 7:15 a.m.

3.3
Low

Description

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

Product(s) Impacted

Vendor Product Versions
Red Hat
  • Foreman
  • Red Hat Satellite
  • *
  • *

Weaknesses

CWE-922
Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a red_hat foreman / / / / / / / /
a red_hat red_hat_satellite / / / / / / / /

References

https://access.redhat.com/security/cve/CVE-2025-2157
https://bugzilla.redhat.com/show_bug.cgi?id=2351092

Tags

secalert@redhat.com
CWE-922
2025-03-15
CVE-2025-2157

CVSS Score

3.3 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Date

  • Published: March 15, 2025, 7:15 a.m.
  • Last Modified: March 15, 2025, 7:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secalert@redhat.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.