PT-2025-46675 · Kdcproxy+6

Published 2025-11-12 · Updated 2026-01-29 · CVE-2025-59088

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: kdcproxy (affected versions not specified)

Description: kdcproxy is susceptible to a server-side request forgery (SSRF) condition. When kdcproxy processes a request for a realm that has no server addresses defined in its configuration, it falls back to querying SRV records in the DNS zone corresponding to the requested realm. An attacker who controls that DNS zone can therefore publish crafted SRV records pointing at arbitrary hostnames and ports, causing the proxy to connect to them; this can be used to probe internal network topology, perform port scanning, and exfiltrate data. Deployments where the `use_dns` setting is explicitly set to false are not affected.

Recommendations: Ensure the `use_dns` setting is explicitly set to false in the kdcproxy configuration, so that requests for realms without configured servers are refused instead of being resolved through DNS.
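As an added example (not part of the advisory or of the kdcproxy project), the following Python audit check reads a kdcproxy.conf-style file and reports whether the DNS SRV fallback described above is still enabled. It assumes kdcproxy's documented ini layout (a `[global]` section holding `use_dns`, one section per realm with a `kerberos` server list); the sample configurations are constructed for this example.

```python
import configparser

# Constructed sample: no use_dns key, so the proxy keeps its default and
# falls back to DNS SRV lookup for any realm not listed here.
WEAK_CONF = """\
[global]

[EXAMPLE.COM]
kerberos = kerberos+tcp://kdc.example.com:88
"""

# Constructed sample: use_dns explicitly disabled, as the advisory recommends.
HARDENED_CONF = """\
[global]
use_dns = false

[EXAMPLE.COM]
kerberos = kerberos+tcp://kdc.example.com:88
"""

FALSE_VALUES = {"false", "0", "no", "off"}


def parse_kdcproxy_conf(text: str) -> configparser.ConfigParser:
    """Parse the ini-style kdcproxy configuration (no % interpolation)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def audit_kdcproxy_conf(text: str) -> dict:
    """Summarise whether requests for unconfigured realms can reach DNS SRV lookup."""
    cp = parse_kdcproxy_conf(text)
    raw = cp.get("global", "use_dns", fallback=None)
    # Only an explicit false counts as safe; an absent key leaves the default (DNS on).
    dns_disabled = raw is not None and raw.strip().lower() in FALSE_VALUES
    realms = [s for s in cp.sections() if s != "global"]
    return {
        "use_dns_explicitly_false": dns_disabled,
        "configured_realms": realms,
        # Any realm absent from configured_realms would trigger the SRV fallback.
        "exposed_to_srv_lookup": not dns_disabled,
    }


if __name__ == "__main__":
    # Assumed default path; pass the real file contents in a deployment.
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_kdcproxy_conf(conf))
```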

Fix

SSRF

Related Identifiers

ALSA-2025:21139
ALSA-2025:21140
ALSA-2025:21142
AZL-70174
AZL-70184
BDU:2026-03011
CESA-2025_21140
CVE-2025-59088
INFSA-2025_21139
INFSA-2025_21140
RHSA-2025:21138
RHSA-2025:21139
RHSA-2025:21140
RHSA-2025:21141
RHSA-2025:21142
RHSA-2025:21448
RHSA-2025:21748
RHSA-2025:21806
RHSA-2025:21818
RHSA-2025:21819
RHSA-2025:21820
RHSA-2025:21821
RHSA-2025:22982
RHSA-2025_21139
RHSA-2025_21140

Affected Products

Almalinux
Centos
Debian
Red Hat
Red Os
Rocky Linux
Kdcproxy