Key Information

Bug ID: Bug 2396020 (CVE-2025-10622)
Vulnerability Type: OS command injection via the ct_location and fctxt_location parameters
Report Date: 2025-09-17 09:16 UTC
Last Modified: 2025-11-05 04:27 UTC
Status: NEW
Product: Security Response
Component: vulnerability
Operating System: Linux
Priority: high
Severity: high
Fixed Version: RHSA-2025:19721
Affected Product: Red Hat Satellite 6.16.5.2 (Foreman 3.12.0.8-1)

Vulnerability Description

A command injection flaw was found in Red Hat Satellite 6.16.5.2 (Foreman 3.12.0.8-1). The CoreOS Transpiler Command (ct_location) and Fedora CoreOS Transpiler Command (fctxt_location) settings are restricted to a whitelist of allowed values, but that whitelist is enforced only in the client-side UI; the server stores whatever value it receives without checking it against the list. An authenticated user holding the edit_settings permission can therefore send a crafted value for either setting to the server without going through the UI (for example via the API) and obtain arbitrary command execution on the underlying operating system, bypassing safe mode rendering.

Resolution

This issue has been addressed in the following products:
Red Hat Satellite 6.18 for RHEL 9, via RHSA-2025:19721
https://access.redhat.com/errata/RHSA-2025:19721
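The weakness described above, as an added Ruby illustration that is not Foreman's or Satellite's code and not the shipped fix: a settings update that trusts the client's choice and later interpolates the stored value into a shell string, set beside a server-side allowlist check that accepts only an exact allowed binary path and builds an argv array instead of a shell command. The allowlist contents, the SettingsStore class and the transpiler argument layout are assumptions made for the example.

```ruby
# Added example: server-side allowlist for transpiler-command settings.
# Not Foreman/Satellite code; the allowlist contents, the SettingsStore class
# and the transpiler argument layout are assumptions made for illustration.

class InvalidSetting < StandardError; end

# Assumed allowlist. Entries are exact binary paths: no arguments, no shell
# metacharacters, so a plain equality check is the whole validation.
TRANSPILER_ALLOWLIST = {
  'ct_location'    => ['/usr/bin/ct', '/usr/local/bin/ct'].freeze,
  'fctxt_location' => ['/usr/bin/fcct', '/usr/local/bin/fcct'].freeze,
}.freeze

# Server-side check that must run on every write to the setting, whatever the
# UI's dropdown offered. Returns the validated value or raises InvalidSetting.
def validate_transpiler_setting(name, value)
  allowed = TRANSPILER_ALLOWLIST.fetch(name) { raise InvalidSetting, "#{name}: not a transpiler setting" }
  raise InvalidSetting, "#{name}: value must be a String" unless value.is_a?(String)
  # Exact match: "/usr/bin/ct; id", "/usr/bin/ct $(id)" or "/usr/bin/ct -x"
  # never equal an allowlisted entry, so no metacharacter parsing is needed.
  unless allowed.include?(value)
    raise InvalidSetting, "#{name}: #{value.inspect} is not an allowed transpiler"
  end
  value
end

# Minimal stand-in for a settings table, with both update paths side by side.
class SettingsStore
  def initialize
    @values = {}
  end

  def fetch(name)
    @values[name]
  end

  # Vulnerable pattern: the server stores whatever arrives, relying on the UI
  # to have offered only allowlisted choices. A client that posts the value
  # directly skips that UI entirely.
  def update_trusting_client(name, value)
    @values[name] = value
  end

  # Hardened pattern: the allowlist is re-checked on the server before storing.
  def update(name, value)
    @values[name] = validate_transpiler_setting(name, value)
  end
end

# Vulnerable rendering step: the stored setting is interpolated into a shell
# command line, so a stored "/usr/bin/ct; id" runs "id" as the service user.
def build_transpile_command_vulnerable(setting_value, input_path)
  "#{setting_value} < #{input_path}"
end

# Hardened rendering step: validate again at the point of use, then build an
# argv array for Process.spawn/IO.popen so no shell ever parses the value.
# (Passing the input file as a positional argument is an assumption here.)
def build_transpile_command(name, setting_value, input_path)
  bin = validate_transpiler_setting(name, setting_value)
  [bin, input_path]
end

if __FILE__ == $PROGRAM_NAME
  store = SettingsStore.new
  payload = '/usr/bin/fcct; id' # constructed attacker-controlled value
  store.update_trusting_client('fctxt_location', payload)
  puts build_transpile_command_vulnerable(store.fetch('fctxt_location'), '/tmp/in.yaml')
  begin
    store.update('fctxt_location', payload)
  rescue InvalidSetting => e
    puts "rejected: #{e.message}"
  end
  store.update('fctxt_location', '/usr/bin/fcct')
  p build_transpile_command('fctxt_location', store.fetch('fctxt_location'), '/tmp/in.yaml')
end
```

The check is deliberately an exact comparison rather than a metacharacter filter: a filter has to anticipate every shell construct, whereas equality against a short list of paths leaves nothing to parse. Validating again at the point of use covers values that reached the database before the check existed.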