← voltar
CVE-2025-4404

Freeipa: idm: privilege escalation from host to domain admin in freeipa

CVSS 9.1 CRITICALEPSS 1.8%CWE-1220
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
freeipaRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 9.4 Extended Update Support
PoCs públicas encontradas1
githubgithub.com/Im10n/CVE-2025-4404-POC6
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2025:9184https://access.redhat.com/errata/RHSA-2025:9185https://access.redhat.com/errata/RHSA-2025:9186https://access.redhat.com/errata/RHSA-2025:9187https://access.redhat.com/errata/RHSA-2025:9188https://access.redhat.com/errata/RHSA-2025:9189https://access.redhat.com/errata/RHSA-2025:9190https://access.redhat.com/errata/RHSA-2025:9191https://access.redhat.com/errata/RHSA-2025:9192https://access.redhat.com/errata/RHSA-2025:9193https://access.redhat.com/errata/RHSA-2025:9194https://access.redhat.com/security/cve/CVE-2025-4404