CVE-2025-7493

Summary

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 100:4.12.2-15.el10_0.4 < *unaffected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:4.6.8-5.el7_9.23 < *unaffected
Red HatRed Hat Enterprise Linux 88100020250919180242.143e9e98 < *unaffected
Red HatRed Hat Enterprise Linux 88100020250918211722.823393f5 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020250924110056.50ea30f9 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020250924104944.792f4060 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020250923180004.f153676a < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020250923175408.5b01ab7e < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On8040020250923180004.f153676a < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On8040020250923175408.5b01ab7e < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020250916172436.c1533a64 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020250916174421.ada582f1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020250916172436.c1533a64 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020250916174421.ada582f1 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020250916172436.c1533a64 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020250916174421.ada582f1 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service8080020250918184739.e581a9e4 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service8080020250918152850.b0a6ceea < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions8080020250918184739.e581a9e4 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions8080020250918152850.b0a6ceea < *unaffected
Red HatRed Hat Enterprise Linux 90:4.12.2-14.el9_6.5 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:4.9.8-11.el9_0.5 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:4.10.1-12.el9_2.6 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:4.11.0-15.el9_4.7 < *unaffected

Weaknesses

  • CWE-1220: Insufficient Granularity of Access Control

Workarounds

There's no available mitigation other than updating to the package version.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References