cvedb.io
CVE-2025-9572
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2026-02-27T08:17:06.373 · Last modified 2026-06-17T10:09:17.330

Summary

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

Affected products

theforeman — foreman

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.