vulnerability

Red Hat: CVE-2025-59088: python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Nov 12, 2025	Nov 14, 2025	Jan 28, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Nov 12, 2025

Added

Nov 14, 2025

Modified

Jan 28, 2026

Description

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where
the "use_dns" setting is explicitly set to false are not affected.

Solutions

redhat-upgrade-bind-dyndb-ldapredhat-upgrade-bind-dyndb-ldap-debuginforedhat-upgrade-bind-dyndb-ldap-debugsourceredhat-upgrade-custodiaredhat-upgrade-ipa-clientredhat-upgrade-ipa-client-commonredhat-upgrade-ipa-client-debuginforedhat-upgrade-ipa-client-epnredhat-upgrade-ipa-client-sambaredhat-upgrade-ipa-commonredhat-upgrade-ipa-debuginforedhat-upgrade-ipa-debugsourceredhat-upgrade-ipa-healthcheckredhat-upgrade-ipa-healthcheck-coreredhat-upgrade-ipa-python-compatredhat-upgrade-ipa-selinuxredhat-upgrade-ipa-serverredhat-upgrade-ipa-server-commonredhat-upgrade-ipa-server-debuginforedhat-upgrade-ipa-server-dnsredhat-upgrade-ipa-server-trust-adredhat-upgrade-ipa-server-trust-ad-debuginforedhat-upgrade-opendnssecredhat-upgrade-opendnssec-debuginforedhat-upgrade-opendnssec-debugsourceredhat-upgrade-python3-custodiaredhat-upgrade-python3-ipaclientredhat-upgrade-python3-ipalibredhat-upgrade-python3-ipaserverredhat-upgrade-python3-ipatestsredhat-upgrade-python3-jwcryptoredhat-upgrade-python3-kdcproxyredhat-upgrade-python3-pyusbredhat-upgrade-python3-qrcoderedhat-upgrade-python3-qrcode-coreredhat-upgrade-python3-yubicoredhat-upgrade-slapi-nisredhat-upgrade-slapi-nis-debuginforedhat-upgrade-slapi-nis-debugsourceredhat-upgrade-softhsmredhat-upgrade-softhsm-debuginforedhat-upgrade-softhsm-debugsourceredhat-upgrade-softhsm-devel

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today