CVE-2025-11561

09.10.2025, 14:15

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Ubuntu Releases

Ubuntu Product

Codename

sssd

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (SSSD, libsoup): Mehrere Schwachstellen
Ein entfernter authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Administratorrechte zu erlangen oder Sicherheitsmaßnahmen zu umgehen.
Published: 2025-11-04T23:00:00+00:00

References

https://access.redhat.com/errata/RHSA-2025:19610

https://access.redhat.com/errata/RHSA-2025:19847

https://access.redhat.com/errata/RHSA-2025:19848

https://access.redhat.com/errata/RHSA-2025:19849

https://access.redhat.com/errata/RHSA-2025:19850

https://access.redhat.com/errata/RHSA-2025:19851

https://access.redhat.com/errata/RHSA-2025:19852

https://access.redhat.com/errata/RHSA-2025:19853

https://access.redhat.com/errata/RHSA-2025:19854

https://access.redhat.com/errata/RHSA-2025:19859

https://access.redhat.com/errata/RHSA-2025:20954

https://access.redhat.com/errata/RHSA-2025:21020

https://access.redhat.com/errata/RHSA-2025:21067

https://access.redhat.com/errata/RHSA-2025:21329

https://access.redhat.com/errata/RHSA-2025:21795

https://access.redhat.com/errata/RHSA-2025:22256

https://access.redhat.com/errata/RHSA-2025:22265

https://access.redhat.com/errata/RHSA-2025:22277

https://access.redhat.com/errata/RHSA-2025:22529

https://access.redhat.com/errata/RHSA-2025:22548

https://access.redhat.com/security/cve/CVE-2025-11561

https://blog.async.sg/kerberos-ldr

https://bugzilla.redhat.com/show_bug.cgi?id=2402727