- Description
- A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- secalert@redhat.com
- CWE-1220
- Hype score
- Not currently trending
⚡️ FreeIPA fixed critical CVE-2025-4404, discovered by our researcher Mikhail Sukhov! This vulnerability allows an authenticated attacker to escalate privileges from host to domain admin. 🔗 Advisory: https://t.co/cxIXsgK5Ls https://t.co/ScTmM1WP6a
@ptswarm
26 Jun 2025
4487 Impressions
24 Retweets
59 Likes
22 Bookmarks
0 Replies
0 Quotes
CVE-2025-4404 A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName… https://t.co/TPaRTxWX8s
@CVEnew
17 Jun 2025
137 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes