PT-2025-25655 · Freeipa+8

Mikhail Sukhov

·

Published

2025-04-16

·

Updated

2026-02-28

·

CVE-2025-4404

CVSS v3.1

9.1

Critical

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FreeIPA (affected versions not specified)
Description: A privilege escalation from host to domain was found in the FreeIPA project. By default, FreeIPA does not enforce uniqueness of krbCanonicalName against the admin account, so a principal that is allowed to add service entries (for example an enrolled host managing its own services, hence PR:H in the vector) can create a service whose canonical name equals that of the REALM admin. If the attack succeeds, the attacker obtains a Kerberos ticket issued for that service that carries the admin@REALM identity, and can then perform administrative tasks across the REALM, including access to and exfiltration of sensitive data.
Recommendations: This page does not name a fixed upstream FreeIPA release. The distribution security advisories listed under Related Identifiers (RHSA-2025:9184 through RHSA-2025:9194 and the matching ALSA, CESA, INFSA and ALT advisories) address this CVE; install the updated ipa packages from your distribution. Until the update is applied, audit the directory for any entry other than the admin user whose krbCanonicalName is admin@REALM, and restrict which principals are permitted to create or modify service entries.
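The audit mentioned above, as an added example that is not FreeIPA project code and not part of the original advisory: it parses an LDIF export of the accounts subtree (such as the output of `ldapsearch -Y GSSAPI -LLL -b cn=accounts,dc=example,dc=com "(krbCanonicalName=*)" krbCanonicalName krbPrincipalName`) and reports every krbCanonicalName held by more than one entry, plus the pre-creation uniqueness check that the vulnerable code path lacked. The realm EXAMPLE.COM, the base DN and all three entries in the sample are constructed for the demonstration.

```python
"""Detect krbCanonicalName collisions in a FreeIPA LDAP export (added example)."""
from collections import defaultdict

# Constructed sample LDIF: a legitimate admin user, a legitimate HTTP service,
# and a rogue service entry whose krbCanonicalName was set to admin@EXAMPLE.COM.
# Realm, base DN and host names are hypothetical.
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=com
krbCanonicalName: admin@EXAMPLE.COM
krbPrincipalName: admin@EXAMPLE.COM

dn: krbprincipalname=HTTP/web.example.com@EXAMPLE.COM,cn=services,cn=accounts,
 dc=example,dc=com
krbCanonicalName: HTTP/web.example.com@EXAMPLE.COM
krbPrincipalName: HTTP/web.example.com@EXAMPLE.COM

dn: krbprincipalname=svc/host1.example.com@EXAMPLE.COM,cn=services,cn=accounts,
 dc=example,dc=com
krbCanonicalName: admin@EXAMPLE.COM
krbPrincipalName: svc/host1.example.com@EXAMPLE.COM
"""


def unfold_ldif(text: str) -> list[str]:
    """Join LDIF continuation lines (leading single space) onto the previous line."""
    lines: list[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Minimal LDIF parser: entries separated by blank lines, 'attr: value' lines.

    Attribute names are lower-cased (LDAP attribute types are case-insensitive).
    Base64 values ('attr:: ...') do not occur for principal names and are skipped.
    """
    entries: list[dict[str, list[str]]] = []
    current: dict[str, list[str]] = {}
    for line in unfold_ldif(text) + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep or value.startswith(":"):
            continue
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def canonical_name_collisions(entries: list[dict[str, list[str]]]) -> dict[str, list[str]]:
    """Map each krbCanonicalName held by more than one entry to the DNs holding it.

    Comparison is exact: the Kerberos LDAP schema matches principal names
    case-exactly, so a differently-cased name is a different principal.
    """
    holders: dict[str, list[str]] = defaultdict(list)
    for entry in entries:
        for name in entry.get("krbcanonicalname", []):
            holders[name].append(entry["dn"][0])
    return {name: dns for name, dns in holders.items() if len(dns) > 1}


def assert_unique_canonical_name(entries: list[dict[str, list[str]]], new_name: str) -> None:
    """Pre-creation check in the spirit of the fix: refuse a new service whose
    canonical name is already held by any existing entry (user, host or service)."""
    taken = {n for e in entries for n in e.get("krbcanonicalname", [])}
    if new_name in taken:
        raise ValueError(f"krbCanonicalName {new_name!r} already exists")


if __name__ == "__main__":
    found = canonical_name_collisions(parse_ldif(SAMPLE_LDIF))
    for name, dns in found.items():
        print(f"COLLISION {name}:")
        for dn in dns:
            print(f"  {dn}")
```

Run against a real export, any name that maps to more than one DN is a finding; for admin@REALM the only legitimate holder is the admin user entry. The same pass can be repeated over krbPrincipalName, which is multi-valued in FreeIPA (aliases), since a rogue alias equal to the admin principal is worth the same scrutiny.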

LPE

Improper Access Control


Weakness Enumeration

Related Identifiers

ALSA-2025:9184
ALSA-2025:9188
ALSA-2025:9190
ALT-PU-2025-15500
ALT-PU-2025-8171
ALT-PU-2025-8208
BDU:2025-04863
CESA-2025_9188
CVE-2025-4404
INFSA-2025_9184
INFSA-2025_9188
RHSA-2025:9184
RHSA-2025:9185
RHSA-2025:9186
RHSA-2025:9187
RHSA-2025:9188
RHSA-2025:9189
RHSA-2025:9190
RHSA-2025:9191
RHSA-2025:9192
RHSA-2025:9193
RHSA-2025:9194
RHSA-2025_9184
RHSA-2025_9188

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Freeipa
Red Hat
Red Os
Rocky Linux