CVE-2025-4404
FreeIPA: idm: privilege escalation from host to domain admin in FreeIPA
- Public Exploits: 0
- Exploited in Wild: -
Description
A privilege escalation from host to domain admin vulnerability was found in the FreeIPA project. By default, the FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` of the admin account, which allows users to create services with the same canonical name as the REALM admin. If the attack succeeds, the user can obtain a Kerberos ticket for this service that carries the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to and exfiltration of sensitive data.
An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, and Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a privilege escalation vulnerability.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2025-05-06: CVE Reserved
- 2025-06-17: CVE Published
- 2025-06-17: CVE Updated
- 2025-06-18: EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-1220: Insufficient Granularity of Access Control
References (13)
URL | Date | Source
---|---|---
https://access.redhat.com/errata/RHSA-2025:9184 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9185 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9186 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9187 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9188 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9189 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9190 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9191 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9192 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9193 | 2025-06-17 |
https://access.redhat.com/errata/RHSA-2025:9194 | 2025-06-17 |
https://access.redhat.com/security/cve/CVE-2025-4404 | 2025-06-17 |
https://bugzilla.redhat.com/show_bug.cgi?id=2364606 | 2025-06-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Red Hat | Enterprise Linux | * | - | Affected
Redhat | Enterprise Linux | * | - | Affected
Redhat | Rhel Aus | * | - | Affected
Redhat | Rhel E4s | * | - | Affected
Redhat | Rhel Eus | * | - | Affected
Redhat | Rhel Tus | * | - | Affected
Redhat | Enterprise Linux | * | - | Affected
Redhat | Rhel Aus | * | - | Affected
Redhat | Rhel E4s | * | - | Affected
Redhat | Rhel Els | * | - | Affected
Redhat | Rhel Eus | * | - | Affected
Redhat | Rhel Tus | * | - | Affected