CVE-2025-4404

CVE Details

Release Date:	2025-06-17
Impact:	Important	What is this?

Description

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

See more information about CVE-2025-4404 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	9.1
Vector String:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version:	3.1
Attack Vector:	Network
Attack Complexity:	Low
Privileges Required:	High
User Interaction:	None
Scope:	Changed
Confidentiality Impact:	High
Integrity Impact:	High
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (bind-dyndb-ldap)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (custodia)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (ipa)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (ipa-healthcheck)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (opendnssec)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (python-jwcrypto)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (python-kdcproxy)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (python-qrcode)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (python-yubico)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (pyusb)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (slapi-nis)	ELSA-2025-9188	2025-06-18
Oracle Linux version 8 (softhsm)	ELSA-2025-9188	2025-06-18
Oracle Linux version 9 (ipa)	ELSA-2025-9184	2025-06-17