FreeIPA · FreeIPA · CVE-2025-7493
**Name of the Vulnerable Software and Affected Versions**
FreeIPA (affected versions not specified)
**Description**
A privilege escalation flaw exists in FreeIPA that allows an attacker acting as a host principal to escalate to domain administrator. The issue is similar to CVE-2025-4404 and stems from FreeIPA failing to validate that the `krbCanonicalName` attribute is unique: because the `root@REALM` canonical name is not validated, an entry can take on that name, which the realm treats as the administrator's, and the attacker can then perform administrative tasks and reach data restricted to the administrator. The most likely impact is exfiltration of sensitive data.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, audit the directory for `krbCanonicalName` values that appear on more than one entry, or that equal `root@REALM` or `admin@REALM` on any entry other than the admin account, and treat a host entry carrying such a name as a sign of compromise rather than misconfiguration.
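The audit described above, as an added example that is not FreeIPA project code: it reads LDIF such as `ldapsearch -Y GSSAPI -b cn=accounts,<base DN> '(krbCanonicalName=*)' krbCanonicalName krbPrincipalName` would return, reports `krbCanonicalName` values shared by more than one entry, and reports non-admin entries carrying `root@REALM` or `admin@REALM` as a canonical name or principal alias. The realm `EXAMPLE.TEST`, the base DN, the admin DN and the sample entries are constructed for illustration; the `app1` host models the CVE-2025-4404 shape (duplicate `admin@REALM`) and the `db1` host models this CVE (`root@REALM`).

```python
"""Audit FreeIPA LDIF for duplicate or administrator-shaped Kerberos canonical names.

Added example, not FreeIPA project code. REALM, ADMIN_DN and SAMPLE_LDIF are
constructed assumptions, not data captured from a real directory.
"""
from collections import defaultdict

REALM = "EXAMPLE.TEST"  # assumption: realm of the deployment being audited
ADMIN_DN = "uid=admin,cn=users,cn=accounts,dc=example,dc=test"  # assumption
# Names the realm treats as the administrator (the advisory names root@REALM;
# admin@REALM is the admin user's own canonical name).
ADMIN_NAMES = {f"root@{REALM}".lower(), f"admin@{REALM}".lower()}

# Constructed LDIF: the admin user, a clean host, a host that has taken the
# admin's canonical name (CVE-2025-4404 shape) and a host renamed to root@REALM
# (the condition CVE-2025-7493 describes).
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
krbCanonicalName: admin@EXAMPLE.TEST
krbPrincipalName: admin@EXAMPLE.TEST

dn: fqdn=web1.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbCanonicalName: host/web1.example.test@EXAMPLE.TEST
krbPrincipalName: host/web1.example.test@EXAMPLE.TEST

dn: fqdn=app1.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbCanonicalName: admin@EXAMPLE.TEST
krbPrincipalName: host/app1.example.test@EXAMPLE.TEST

dn: fqdn=db1.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbCanonicalName: root@EXAMPLE.TEST
krbPrincipalName: host/db1.example.test@EXAMPLE.TEST
krbPrincipalName: root@EXAMPLE.TEST
"""


def parse_ldif(text):
    """Minimal LDIF reader returning a list of (dn, {attr_lower: [values]}).

    Unfolds continuation lines (leading space) and skips comments. Base64
    ('::') values are not decoded; the attributes audited here never need it.
    """
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    entries, dn, attrs = [], None, None
    for line in unfolded + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn, attrs = value, defaultdict(list)
        elif attrs is not None:
            attrs[attr].append(value)
    return entries


def audit_canonical_names(ldif_text, admin_dn=ADMIN_DN):
    """Return {'duplicates': {name_lower: [dn, ...]}, 'admin_aliases': [(dn, name), ...]}.

    duplicates:    krbCanonicalName values present on more than one entry.
    admin_aliases: entries other than admin_dn whose krbCanonicalName or
                   krbPrincipalName is one of ADMIN_NAMES.
    """
    owners = defaultdict(list)
    admin_aliases = set()
    for dn, attrs in parse_ldif(ldif_text):
        canonical = attrs.get("krbcanonicalname", [])
        for name in canonical:
            owners[name.lower()].append(dn)
        if dn.lower() != admin_dn.lower():
            for name in canonical + attrs.get("krbprincipalname", []):
                if name.lower() in ADMIN_NAMES:
                    admin_aliases.add((dn, name))
    duplicates = {name: dns for name, dns in owners.items() if len(dns) > 1}
    return {"duplicates": duplicates, "admin_aliases": sorted(admin_aliases)}


if __name__ == "__main__":
    findings = audit_canonical_names(SAMPLE_LDIF)
    for name, dns in findings["duplicates"].items():
        print(f"DUPLICATE krbCanonicalName {name}: {', '.join(dns)}")
    for dn, name in findings["admin_aliases"]:
        print(f"ADMIN NAME {name} on non-admin entry {dn}")
```

Run it against real output by replacing `SAMPLE_LDIF` with the `ldapsearch` result and setting `REALM` and `ADMIN_DN` for the deployment; any `ADMIN NAME` hit on a `cn=computers` entry is exactly the condition the advisory describes and warrants incident handling, not a quiet rename.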