CVE-2025-2157: Foreman: disclosure of executed commands and outputs in foreman / red hat satellite

Description

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited effectively.

Classification

CVE ID: CVE-2025-2157

Problem Types

Insecure Storage of Sensitive Information

Affected Products

Vendor: Red Hat

Product: Red Hat Satellite 6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.48% (scored less or equal to compared to others)

EPSS Date: 2025-04-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2157
https://access.redhat.com/security/cve/CVE-2025-2157
https://bugzilla.redhat.com/show_bug.cgi?id=2351092

Timeline

2025-03-15 07:40:09 UTC
CVE

Foreman: disclosure of executed commands and outputs in foreman / red hat satellite