CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-5459

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.6%

CVSS Severity

CVSS v3 Score 8.8

References

https://portal.perforce.com/s/detail/a91PA000001SiDdYAK

Products affected by CVE-2025-5459

Puppet » Puppet Enterprise » Version: 2018.1.11

cpe:2.3:a:puppet:puppet_enterprise:2018.1.11
Puppet » Puppet Enterprise » Version: 2018.1.13

cpe:2.3:a:puppet:puppet_enterprise:2018.1.13
Puppet » Puppet Enterprise » Version: 2018.1.15

cpe:2.3:a:puppet:puppet_enterprise:2018.1.15
Puppet » Puppet Enterprise » Version: 2018.1.8

cpe:2.3:a:puppet:puppet_enterprise:2018.1.8
Puppet » Puppet Enterprise » Version: 2018.1.9

cpe:2.3:a:puppet:puppet_enterprise:2018.1.9
Puppet » Puppet Enterprise » Version: 2019.0

cpe:2.3:a:puppet:puppet_enterprise:2019.0
Puppet » Puppet Enterprise » Version: 2019.0.0

cpe:2.3:a:puppet:puppet_enterprise:2019.0.0
Puppet » Puppet Enterprise » Version: 2019.0.1

cpe:2.3:a:puppet:puppet_enterprise:2019.0.1
Puppet » Puppet Enterprise » Version: 2019.0.2

cpe:2.3:a:puppet:puppet_enterprise:2019.0.2
Puppet » Puppet Enterprise » Version: 2019.0.3

cpe:2.3:a:puppet:puppet_enterprise:2019.0.3
Puppet » Puppet Enterprise » Version: 2019.0.4

cpe:2.3:a:puppet:puppet_enterprise:2019.0.4
Puppet » Puppet Enterprise » Version: 2019.1.0

cpe:2.3:a:puppet:puppet_enterprise:2019.1.0
Puppet » Puppet Enterprise » Version: 2019.1.1

cpe:2.3:a:puppet:puppet_enterprise:2019.1.1
Puppet » Puppet Enterprise » Version: 2019.1.3

cpe:2.3:a:puppet:puppet_enterprise:2019.1.3
Puppet » Puppet Enterprise » Version: 2019.2.0

cpe:2.3:a:puppet:puppet_enterprise:2019.2.0
Puppet » Puppet Enterprise » Version: 2019.2.1

cpe:2.3:a:puppet:puppet_enterprise:2019.2.1
Puppet » Puppet Enterprise » Version: 2019.2.2

cpe:2.3:a:puppet:puppet_enterprise:2019.2.2
Puppet » Puppet Enterprise » Version: 2019.4.0

cpe:2.3:a:puppet:puppet_enterprise:2019.4.0
Puppet » Puppet Enterprise » Version: 2019.5.0

cpe:2.3:a:puppet:puppet_enterprise:2019.5.0
Puppet » Puppet Enterprise » Version: 2019.7.0

cpe:2.3:a:puppet:puppet_enterprise:2019.7.0
Puppet » Puppet Enterprise » Version: 2019.8.7

cpe:2.3:a:puppet:puppet_enterprise:2019.8.7
Puppet » Puppet Enterprise » Version: 2019.8.8

cpe:2.3:a:puppet:puppet_enterprise:2019.8.8
Puppet » Puppet Enterprise » Version: 2019.8.9

cpe:2.3:a:puppet:puppet_enterprise:2019.8.9
Puppet » Puppet Enterprise » Version: 2021.0.0

cpe:2.3:a:puppet:puppet_enterprise:2021.0.0
Puppet » Puppet Enterprise » Version: 2021.2.0

cpe:2.3:a:puppet:puppet_enterprise:2021.2.0
Puppet » Puppet Enterprise » Version: 2021.4.0

cpe:2.3:a:puppet:puppet_enterprise:2021.4.0
Puppet » Puppet Enterprise » Version: 2021.7.1

cpe:2.3:a:puppet:puppet_enterprise:2021.7.1
Puppet » Puppet Enterprise » Version: 2021.7.10

cpe:2.3:a:puppet:puppet_enterprise:2021.7.10
Puppet » Puppet Enterprise » Version: 2021.7.4

cpe:2.3:a:puppet:puppet_enterprise:2021.7.4
Puppet » Puppet Enterprise » Version: 2021.7.6

cpe:2.3:a:puppet:puppet_enterprise:2021.7.6
Puppet » Puppet Enterprise » Version: 2021.7.7

cpe:2.3:a:puppet:puppet_enterprise:2021.7.7
Puppet » Puppet Enterprise » Version: 2021.7.8

cpe:2.3:a:puppet:puppet_enterprise:2021.7.8
Puppet » Puppet Enterprise » Version: 2021.7.9

cpe:2.3:a:puppet:puppet_enterprise:2021.7.9
Puppet » Puppet Enterprise » Version: 2023.0

cpe:2.3:a:puppet:puppet_enterprise:2023.0
Puppet » Puppet Enterprise » Version: 2023.1.0

cpe:2.3:a:puppet:puppet_enterprise:2023.1.0
Puppet » Puppet Enterprise » Version: 2023.2.0

cpe:2.3:a:puppet:puppet_enterprise:2023.2.0
Puppet » Puppet Enterprise » Version: 2023.5.0

cpe:2.3:a:puppet:puppet_enterprise:2023.5.0
Puppet » Puppet Enterprise » Version: 2023.8.0

cpe:2.3:a:puppet:puppet_enterprise:2023.8.0
Puppet » Puppet Enterprise » Version: 2023.8.1

cpe:2.3:a:puppet:puppet_enterprise:2023.8.1
Puppet » Puppet Enterprise » Version: 2023.8.2

cpe:2.3:a:puppet:puppet_enterprise:2023.8.2
Puppet » Puppet Enterprise » Version: 2023.8.3

cpe:2.3:a:puppet:puppet_enterprise:2023.8.3
Puppet » Puppet Enterprise » Version: 2025.3.0

cpe:2.3:a:puppet:puppet_enterprise:2025.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-5459

Products

Pricing

Contact Us