{"uuid": "c36a52a3-a44b-40fc-b9a4-ec433024de0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-5459", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19578", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5459\n\ud83d\udd25 CVSS Score: 8.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.\n\ud83d\udccf Published: 2025-06-26T06:30:56.546Z\n\ud83d\udccf Modified: 2025-06-26T06:30:56.546Z\n\ud83d\udd17 References:\n1. https://portal.perforce.com/s/detail/a91PA000001SiDdYAK", "creation_timestamp": "2025-06-26T06:51:22.000000Z"}