vulnerability
Red Hat: CVE-2025-4404: freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Jun 17, 2025 | Jun 18, 2025 | Jan 28, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Jun 17, 2025
Added
Jun 18, 2025
Modified
Jan 28, 2026
Description
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-bind-dyndb-ldapredhat-upgrade-bind-dyndb-ldap-debuginforedhat-upgrade-bind-dyndb-ldap-debugsourceredhat-upgrade-custodiaredhat-upgrade-ipa-clientredhat-upgrade-ipa-client-commonredhat-upgrade-ipa-client-debuginforedhat-upgrade-ipa-client-encrypted-dnsredhat-upgrade-ipa-client-epnredhat-upgrade-ipa-client-sambaredhat-upgrade-ipa-commonredhat-upgrade-ipa-debuginforedhat-upgrade-ipa-debugsourceredhat-upgrade-ipa-healthcheckredhat-upgrade-ipa-healthcheck-coreredhat-upgrade-ipa-python-compatredhat-upgrade-ipa-selinuxredhat-upgrade-ipa-selinux-lunaredhat-upgrade-ipa-selinux-nfastredhat-upgrade-ipa-serverredhat-upgrade-ipa-server-commonredhat-upgrade-ipa-server-debuginforedhat-upgrade-ipa-server-dnsredhat-upgrade-ipa-server-encrypted-dnsredhat-upgrade-ipa-server-trust-adredhat-upgrade-ipa-server-trust-ad-debuginforedhat-upgrade-opendnssecredhat-upgrade-opendnssec-debuginforedhat-upgrade-opendnssec-debugsourceredhat-upgrade-python3-custodiaredhat-upgrade-python3-ipaclientredhat-upgrade-python3-ipalibredhat-upgrade-python3-ipaserverredhat-upgrade-python3-ipatestsredhat-upgrade-python3-jwcryptoredhat-upgrade-python3-kdcproxyredhat-upgrade-python3-pyusbredhat-upgrade-python3-qrcoderedhat-upgrade-python3-qrcode-coreredhat-upgrade-python3-yubicoredhat-upgrade-slapi-nisredhat-upgrade-slapi-nis-debuginforedhat-upgrade-slapi-nis-debugsourceredhat-upgrade-softhsmredhat-upgrade-softhsm-debuginforedhat-upgrade-softhsm-debugsourceredhat-upgrade-softhsm-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.