Vulnerability Monitor


CVE-2025-5459


A user with specific node group editing permissions could use a specially crafted class parameter to execute commands as root on the primary host. The issue affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3, and has been resolved in versions 2023.8.4 and 2025.4.0.


Published

2025-06-26T07:15:27.440

Last Modified

2025-10-14T17:00:33.327

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-78

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | puppet | puppet_enterprise | < 2023.8.4 | Yes |
| Application | puppet | puppet_enterprise | 2025.3.0 | Yes |
