PT-2025-39997 · Freeipa+7

Tom Smith · Published 2025-09-12 · Updated 2025-11-12 · CVE-2025-7493

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FreeIPA (affected versions not specified)

Description: A privilege escalation flaw exists in FreeIPA that allows an attacker to escalate from a host user to a domain administrator. The issue is similar to CVE-2025-4404 and stems from a failure to validate the uniqueness of the krbCanonicalName attribute. Specifically, FreeIPA does not validate the root@REALM canonical name, which can be used as the realm administrator's name, enabling administrative tasks and potential access to sensitive data. The vulnerability could lead to sensitive data exfiltration.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
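As an added example (not from this advisory or the FreeIPA project), a small audit a defender can run over an LDIF export of the directory to spot the two conditions the description names: a root@REALM canonical name, and a krbCanonicalName value that is not unique across entries. The LDIF excerpt, realm and entry names are constructed; a real export would come from ldapsearch against the IPA server.

```python
from collections import defaultdict

# Constructed LDIF excerpt standing in for a directory export; the realm,
# DNs and principal names are invented for this example.
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
krbCanonicalName: admin@EXAMPLE.TEST

dn: fqdn=host1.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbCanonicalName: host/host1.example.test@EXAMPLE.TEST

dn: uid=root,cn=users,cn=accounts,dc=example,dc=test
krbCanonicalName: root@EXAMPLE.TEST

dn: uid=svc-backup,cn=users,cn=accounts,dc=example,dc=test
krbCanonicalName: admin@EXAMPLE.TEST
"""

def parse_ldif(text):
    """Minimal LDIF reader (one attribute per line, no base64 or folded
    lines): returns a list of (dn, {attr: [values]})."""
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():                 # blank line ends an entry
            if dn:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        key, _, val = line.partition(":")
        if key == "dn":
            dn = val.strip()
        else:
            attrs.setdefault(key, []).append(val.strip())
    return entries

def audit_canonical_names(ldif_text, realm):
    """Return (kind, principal, [dns]) findings: a root@REALM canonical name,
    and any krbCanonicalName shared by several entries (exact comparison)."""
    by_name = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        for name in attrs.get("krbCanonicalName", []):
            by_name[name].append(dn)
    findings = []
    root = f"root@{realm}"
    if root in by_name:
        findings.append(("root-principal", root, by_name[root]))
    for name, dns in by_name.items():
        if len(dns) > 1:
            findings.append(("duplicate-canonical-name", name, dns))
    return findings
```

Each finding lists the DNs involved so the entries can be reviewed by hand; the comparison is exact because Kerberos principal names are case-sensitive.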

LPE

Weakness Enumeration

Related Identifiers

ALSA-2025:17084
ALSA-2025:17129
ALSA-2025:20928
ALSA-2025:20994
ALT-PU-2025-12683
ALT-PU-2025-12703
ALT-PU-2025-12705
AZL-68190
BDU:2025-14421
CESA-2025_17129
CVE-2025-7493
INFSA-2025_17084
INFSA-2025_17129
INFSA-2025_20928
RHSA-2025:17084
RHSA-2025:17085
RHSA-2025:17086
RHSA-2025:17087
RHSA-2025:17088
RHSA-2025:17129
RHSA-2025:17645
RHSA-2025:17646
RHSA-2025:17647
RHSA-2025:17648
RHSA-2025:17649
RHSA-2025:20928
RHSA-2025:20994
RHSA-2025_17084
RHSA-2025_17129
RHSA-2025_20928

Affected Products

Alt Linux
Almalinux
Centos
Debian
Freeipa
Red Hat
Red Os
Rocky Linux