CVE-2025-7493

EUVD-2025-31739
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Debian logo
Debian Releases
Debian Product
Codename
freeipa
bookworm
unimportant
sid
unimportant
trixie
unimportant
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
ipa-client
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-client-common
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-client-encrypted-dns
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-client-epn
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-client-samba
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-common
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-selinux
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-selinux-luna
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-selinux-nfast
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-server
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-server-common
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-server-dns
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-server-encrypted-dns
RHEL 9
0:4.12.2-22.el9_7.1
fixed
ipa-server-trust-ad
RHEL 9
0:4.12.2-22.el9_7.1
fixed
python3-ipaclient
RHEL 9
0:4.12.2-22.el9_7.1
fixed
python3-ipalib
RHEL 9
0:4.12.2-22.el9_7.1
fixed
python3-ipaserver
RHEL 9
0:4.12.2-22.el9_7.1
fixed
python3-ipatests
RHEL 9
0:4.12.2-22.el9_7.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
389-ds-base
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.4
fixed
389-ds-base-debuginfo
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.4
fixed
389-ds-base-devel
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.4
fixed
389-ds-base-libs
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.4
fixed
389-ds-base-snmp
Amazon Linux 2
0:1.3.10.2-17.amzn2.0.4
fixed
ipa-client
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-client-common
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-common
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-debuginfo
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-python-compat
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-server
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-server-common
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-server-dns
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
ipa-server-trust-ad
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
python2-ipaclient
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
python2-ipalib
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed
python2-ipaserver
Amazon Linux 2
0:4.6.8-5.amzn2.17.3
fixed