6 matches found
CVE-2025-5459
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...
CVE-2025-5459
creationtimestamp| type| source ---|---|--- 2025-06-26 06:51:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19578 2025-06-26 10:31:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsiwcfxzxa2q...
CVE-2025-5459
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...
CVE-2025-5459 OS Command Injection
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...
CVE-2025-5459 OS Command Injection
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...
CVE-2025-5459
The CVE-2025-5459 entry affects Puppet Enterprise: versions 2018.1.8–2023.8.3 and 2025.3 are vulnerable due to a misused node group editing permission and a crafted class parameter that could allow commands to run with root privileges on the primary host. It has been fixed in Puppet Enterprise 20...