CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniquen
CVSS
9.1
Crítico
EPSS
1.8%
p76
KEV
—
Exploit Today
23
0-100
Publicado: 17 jun 2025 · Última mod.: 30 jun 2026 · CWE-1220
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9184
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9185
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9186
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9187
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9188
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9189
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9190
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9191
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9192
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9193
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2025:9194
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-4404
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2364606
- pagure.iohttps://pagure.io/freeipa/c/6b9400c135ed16b10057b350cc9ce42aa0e862d4
- pagure.iohttps://pagure.io/freeipa/c/796ed20092d554ee0c9e23295e346ec1e8a0bf6e
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2025/09/30/6