Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ctnu-wcs1-dfa2
Summary A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
Aliases
0
alias CVE-2025-5459
Fixed_packages
0
url pkg:deb/debian/puppetserver@0?distro=trixie
purl pkg:deb/debian/puppetserver@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@0%3Fdistro=trixie
1
url pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puppetserver@7.9.5-2%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@7.9.5-2%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-5%3Fdistro=trixie
3
url pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
purl pkg:deb/debian/puppetserver@8.7.0-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppetserver@8.7.0-6%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5459
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25565
published_at 2026-04-02T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.25601
published_at 2026-04-04T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25373
published_at 2026-04-07T12:55:00Z
3
value 0.0009
scoring_system epss
scoring_elements 0.25442
published_at 2026-04-08T12:55:00Z
4
value 0.0009
scoring_system epss
scoring_elements 0.2549
published_at 2026-04-09T12:55:00Z
5
value 0.0009
scoring_system epss
scoring_elements 0.25502
published_at 2026-04-11T12:55:00Z
6
value 0.00097
scoring_system epss
scoring_elements 0.26773
published_at 2026-04-16T12:55:00Z
7
value 0.00097
scoring_system epss
scoring_elements 0.26745
published_at 2026-04-18T12:55:00Z
8
value 0.00097
scoring_system epss
scoring_elements 0.26823
published_at 2026-04-12T12:55:00Z
9
value 0.00097
scoring_system epss
scoring_elements 0.26766
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5459
1
reference_url https://portal.perforce.com/s/detail/a91PA000001SiDdYAK
reference_id a91PA000001SiDdYAK
reference_type
scores
0
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-26T13:30:51Z/
url https://portal.perforce.com/s/detail/a91PA000001SiDdYAK
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Exploits
Severity_range_score 8.6 - 8.6
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctnu-wcs1-dfa2