Vulnerability in Perforce Puppet Enterprise

CVE-2025-10360

In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user…

EPSS: 0.002 (7.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References