CVE Alert: CVE-2025-10622 - Red Hat - Red Hat Satellite 6.18 for RHEL 9

CVE-2025-10622

HIGHNo exploitation known

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

CVSS v3.1 (8)

AV NETWORK · AC HIGH · PR HIGH · UI NONE · S CHANGED

Vendor

Red Hat, Red Hat

Product

Red Hat Satellite 6.18 for RHEL 9, Red Hat Satellite 6

Versions

0:3.16.0.4-1.el9sat lt *

CWE

CWE-602, Client-Side Enforcement of Server-Side Security

Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Published

2025-11-05T07:32:14.390Z

Updated

2025-11-05T07:36:33.260Z

cpe:/a:redhat:satellite_utils:6.18::el9cpe:/a:redhat:satellite:6.18::el9cpe:/a:redhat:satellite_maintenance:6.18::el9cpe:/a:redhat:satellite_capsule:6.18::el9cpe:/a:redhat:satellite:6

References

https://access.redhat.com/errata/RHSA-2025:19721

https://access.redhat.com/security/cve/CVE-2025-10622

https://bugzilla.redhat.com/show_bug.cgi?id=2396020

AI Summary Analysis

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

Alerts for unusual shell/OS command execution originating from Foreman components.
Unexpected processes spawned by foreman/httpd or foreman-proxy with suspicious arguments.
Anomalous requests to ct_location/fcct_location parameters or elevated privilege actions.
Sudden spikes in admin API usage or privilege changes.
Correlated log entries showing failed/suspicious command-wrapping patterns.

Mitigation and prioritisation

Apply RHSA-2025:19721 patch when available; verify patch applicability in test env before production rollout.
Enforce least privilege for edit_settings; restrict management access to trusted networks and enforce MFA.
Network controls: allowlists, strong authentication, and segmentation around the Foreman/Satellite tier.
Implement command-logging and SIEM detections for OS commands from management components; consider temporary disablement of high-risk features if feasible.
If KEV or EPSS data indicate high exploitability, treat as priority 1. Currently, this requires vendor-confirmed exploit likelihood.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: CVE, cve-2025-10622, OSINT, red-hat, red-hat-satellite-6, red-hat-satellite-6-18-for-rhel-9, threatintel