Security Advisory

CVE-2025-9572

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-27 07:28:44

Last updated 2026-03-24 11:28:32

Assigner redhat

State PUBLISHED

Description

n authorization flaw in Foremans GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass.

← Browse all CVEs View on cve.org ↗