PT-2025-36998 · Microsoft+2 · Intune+3
Janek-Git · Published 2025-09-09 · Updated 2025-11-27
CVE-2025-59044 · CVSS v3.1 4.4 Medium · Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.9.0 through 0.9.22
Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When himmelblau.conf sets `id_attr_map = name` (the default configuration), the software derives the numeric GID of an Entra ID group from the group's display name rather than from its immutable object identifier. Microsoft Entra ID allows multiple groups with the same displayName, so two distinct directory groups can collapse to the same numeric GID on Linux. On a Himmelblau-joined host where a resource or service enforces authorization by numeric GID, a user who creates or joins a different Entra/O365 group sharing the displayName of a privileged security group can therefore gain unintended access.
Recommendations: Upgrade to Himmelblau version 0.9.23, or 1.0.0 or later. As a workaround, use tenant policy hardening to restrict arbitrary group creation until all hosts are patched.
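The collision described above is a property of the key, not of any particular hash: any GID derivation that is a pure function of displayName maps same-named groups to one GID, while a derivation keyed on the object id cannot. The following script, an added illustration and not Himmelblau's code, models that with a hypothetical hash-based derivation (the real scheme is not specified here) and also runs the tenant audit a defender wants before and after patching: list security-enabled groups whose displayName is shared with another group. The input is a constructed JSON document in the shape of a Microsoft Graph /groups response, restricted to the three fields the script reads.

```python
"""Audit an Entra ID group export for displayName collisions.

Added example, not Himmelblau's code. It models the root cause of
CVE-2025-59044: a numeric GID derived from a non-unique attribute
(displayName) lets two distinct directory objects share one GID,
whereas deriving it from the immutable object id does not.
"""
import hashlib
import json
from collections import defaultdict

# Constructed sample in the shape of a Microsoft Graph /groups response
# (only the fields this script reads). Two groups share a displayName:
# a security group and a separately created Microsoft 365 group.
SAMPLE_EXPORT = json.dumps({"value": [
    {"id": "0f1c5d2e-0000-4000-8000-000000000001",
     "displayName": "linux-admins", "securityEnabled": True},
    {"id": "0f1c5d2e-0000-4000-8000-000000000002",
     "displayName": "linux-admins", "securityEnabled": False},
    {"id": "0f1c5d2e-0000-4000-8000-000000000003",
     "displayName": "developers", "securityEnabled": True},
]})

GID_BASE = 1_000_000          # assumed start of the mapped GID range
GID_SPAN = 2**31 - GID_BASE   # assumed size of the range


def load_groups(export_text):
    """Parse the 'value' array of a Graph-style JSON export."""
    return json.loads(export_text)["value"]


def gid_from_attr(value):
    """Hypothetical derivation: hash the chosen attribute into the GID range.

    The exact scheme is an assumption. What matters for the bug is that it
    is a pure function of its input, so equal inputs always yield equal GIDs.
    """
    digest = hashlib.sha256(value.encode("utf-8")).digest()
    return GID_BASE + int.from_bytes(digest[:4], "big") % GID_SPAN


def find_gid_collisions(groups, attr):
    """Map every group to a GID via `attr` and return the GIDs claimed by
    more than one directory object, each with its colliding groups."""
    by_gid = defaultdict(list)
    for g in groups:
        by_gid[gid_from_attr(g[attr])].append(g)
    return {gid: gs for gid, gs in by_gid.items() if len(gs) > 1}


def shadowed_security_groups(groups):
    """Tenant audit independent of any GID scheme: names of security-enabled
    groups whose displayName is also used by another group. These are the
    groups a name-keyed mapping would silently merge with another object."""
    by_name = defaultdict(list)
    for g in groups:
        by_name[g["displayName"]].append(g)
    return sorted({
        g["displayName"]
        for gs in by_name.values() if len(gs) > 1
        for g in gs if g["securityEnabled"]
    })


if __name__ == "__main__":
    groups = load_groups(SAMPLE_EXPORT)
    for attr in ("displayName", "id"):
        hits = find_gid_collisions(groups, attr)
        print(f"keyed on {attr!r}: {len(hits)} colliding GID(s)")
        for gid, gs in hits.items():
            print(f"  GID {gid}: " + ", ".join(g["id"] for g in gs))
    print("security groups with a duplicated displayName:",
          shadowed_security_groups(groups))
```

Run against a real export, `shadowed_security_groups` is the list to act on: each name it returns is a privileged group whose numeric identity on unpatched hosts is shared with whatever other object carries the same displayName, which is exactly why the recommendation pairs the upgrade with restricting arbitrary group creation in the tenant.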

Related Identifiers

CVE-2025-59044
GHSA-2M43-MMG9-3RGC
GHSA-GCXR-M95V-QCF7
OPENSUSE-SU-2025-20114-1
OPENSUSE-SU-2025:20114-1
SUSE-SU-2025:21158-1

Affected Products

Himmelblau
Intune
Azure Entra Id
Suse