CVE-2025-54781

02.08.2025, 00:15

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaud_tasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune compliance status, and may permit additional administrative operations for the Intune host device (though the API for these operations is undocumented). This is fixed in version 1.1.0. To workaround this issue, ensure that Himmelblau debugging is disabled.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.8 LOW	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
GitHub_M	CNA	2.8 LOW	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

https://github.com/himmelblau-idm/himmelblau/commit/2d512bded90ac6a54fcdf737b43ff5d9d4cdb59e

https://github.com/himmelblau-idm/himmelblau/releases/tag/1.1.0

https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-78qg-vmrw-574w