Puppet Enterprise

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-5459 HIGH PATCH This Week

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.

Command Injection Debian Puppet Enterprise

NVD

CVSS 3.1

8.8

EPSS

0.1%

CVE-2025-5459

EPSS 0% CVSS 8.8

HIGH PATCH This Week

A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.

Command Injection Debian Puppet Enterprise

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy