CVE-2025-4404

{"id": "CVE-2025-4404", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2025-06-17T14:15:32.743", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:9184", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9185", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9186", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9187", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9188", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9189", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9190", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9191", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9192", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9193", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:9194", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-4404", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364606", "source": "secalert@redhat.com"}, {"url": "https://pagure.io/freeipa/c/6b9400c135ed16b10057b350cc9ce42aa0e862d4", "source": "secalert@redhat.com"}, {"url": "https://pagure.io/freeipa/c/796ed20092d554ee0c9e23295e346ec1e8a0bf6e", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-1220"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de escalada de privilegios del host al dominio en el proyecto FreeIPA. El paquete FreeIPA no valida la unicidad de `krbCanonicalName` para la cuenta de administrador por defecto, lo que permite a los usuarios crear servicios con el mismo nombre can\u00f3nico que el administrador de REALM. Cuando se produce un ataque exitoso, el usuario puede recuperar un ticket de Kerberos en nombre de este servicio, que contiene la credencial admin@REALM. Esta falla permite a un atacante realizar tareas administrativas a trav\u00e9s de REALM, lo que permite el acceso a datos confidenciales y su exfiltraci\u00f3n."}], "lastModified": "2025-07-29T18:15:29.983", "sourceIdentifier": "secalert@redhat.com"}