PT-2025-41381 · Sssd

Zavier Lee · Published 2025-10-09 · Updated 2026-03-10 · CVE-2025-11561

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

System Security Services Daemon (SSSD) (affected versions not specified)

Description

A security issue exists in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. By default, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin). This allows an attacker who can modify specific Active Directory attributes, such as userPrincipalName or samAccountName, to impersonate privileged users. Successful exploitation can lead to unauthorized access or privilege escalation on domain-joined Linux hosts.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ALSA-2025:19610
ALSA-2025:20954
ALSA-2025:21020
BDU:2026-02738
CESA-2025_19610
CVE-2025-11561
INFSA-2025_19610
INFSA-2025_20954
OESA-2025-2514
OESA-2025-2515
OESA-2025-2516
OESA-2025-2517
OESA-2025-2518
OESA-2025-2579
OPENSUSE-SU-2025:15751-1
OPENSUSE-SU-2026:20001-1
RHSA-2025:19610
RHSA-2025:19847
RHSA-2025:19848
RHSA-2025:19849
RHSA-2025:19850
RHSA-2025:19851
RHSA-2025:19852
RHSA-2025:19853
RHSA-2025:19854
RHSA-2025:19859
RHSA-2025:20954
RHSA-2025:21020
RHSA-2025:21067
RHSA-2025_19610
RHSA-2025_20954
SUSE-SU-2025:21066-1
SUSE-SU-2025:21084-1
SUSE-SU-2025:4181-1
SUSE-SU-2025:4182-1
SUSE-SU-2025:4183-1
SUSE-SU-2025:4231-1
SUSE-SU-2025:4232-1
SUSE-SU-2025:4247-1
SUSE-SU-2025_4181-1
SUSE-SU-2025_4182-1
SUSE-SU-2025_4183-1
SUSE-SU-2025_4231-1
SUSE-SU-2025_4232-1
SUSE-SU-2025_4247-1
SUSE-SU-2026:20014-1
SUSE-SU-2026:20019-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Red Hat
Red Os
Rocky Linux
Sssd
Suse
System Security Services Daemon
Sssd Krb5 Localauth Plugin