Authentication Flaw in Active Directory Integration on Linux Systems by Red Hat
CVE-2025-11561
8.8 HIGH
What is CVE-2025-11561?
A vulnerability was found in the Active Directory (AD) integration of the System Security Services Daemon (SSSD) on Linux. By default, SSSD does not enable its Kerberos local authentication plugin (sssd_krb5_localauth_plugin), the component that lets SSSD decide how a Kerberos principal is mapped to a local user; without it, the Kerberos library falls back to its own default principal-to-username mapping. An attacker who can modify certain Active Directory attributes, such as userPrincipalName or sAMAccountName, can therefore present a principal name that maps onto a different, more privileged local user and impersonate that user on domain-joined Linux hosts. Successful exploitation yields unauthorized access and privilege escalation on the affected host, so administrators should verify whether the plugin is configured and enable it where it is not.
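The check a practitioner wants here is whether a host's Kerberos configuration actually references the SSSD localauth plugin. The following audit helper is an added example, not code from the advisory or from the SSSD project. It looks for the plugin stanza documented in sssd_krb5_localauth_plugin(8) in a krb5.conf-style file and, optionally, in an include directory; the /etc/krb5.conf and /var/lib/sss/pubconf/krb5.include.d paths, the 64-bit module path, and the two sample configurations it writes are assumptions and constructed data, to be adjusted for the distribution in use.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or from SSSD): reports whether a
# krb5.conf-style file, or any file in an include directory, configures the
# SSSD Kerberos localauth plugin. The stanza checked for is the one documented
# in sssd_krb5_localauth_plugin(8); sample configs below are constructed.

# sssd_localauth_configured FILE [INCLUDE_DIR]
# Returns 0 when an uncommented "module = sssd:...sssd_krb5_localauth_plugin"
# line is present in FILE or in any file under INCLUDE_DIR, 1 otherwise.
sssd_localauth_configured() {
    file="$1"
    incdir="$2"
    pattern='^[[:space:]]*module[[:space:]]*=[[:space:]]*sssd:.*sssd_krb5_localauth_plugin'
    if [ -f "$file" ] && grep -Eq "$pattern" "$file"; then
        return 0
    fi
    # krb5.conf commonly pulls in /var/lib/sss/pubconf/krb5.include.d via includedir.
    if [ -n "$incdir" ] && [ -d "$incdir" ] && grep -Eqs "$pattern" "$incdir"/*; then
        return 0
    fi
    return 1
}

# write_samples DIR: writes two constructed krb5.conf files into DIR, one with
# only a default realm (the weak state) and one that adds the plugin stanza.
write_samples() {
    cat > "$1/krb5-default.conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
EOF
    cat > "$1/krb5-hardened.conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM

[plugins]
    localauth = {
        module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
    }
EOF
}

# report LABEL FILE [INCLUDE_DIR]: prints a one-line verdict for FILE.
report() {
    if sssd_localauth_configured "$2" "$3"; then
        echo "$1: SSSD localauth plugin configured"
    else
        echo "$1: SSSD localauth plugin NOT configured (krb5 default principal mapping in use)"
    fi
}

samples=$(mktemp -d)
write_samples "$samples"
report "sample default " "$samples/krb5-default.conf"
report "sample hardened" "$samples/krb5-hardened.conf"
# Assumed locations on a real host; adjust for your distribution.
report "this host      " /etc/krb5.conf /var/lib/sss/pubconf/krb5.include.d
rm -rf "$samples"
```

Run it as an unprivileged user on a domain-joined host; the last line is the one that matters, and a "NOT configured" verdict there means principal-to-user mapping is still being done by the Kerberos library's defaults rather than by SSSD.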
CVSS V3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Score: 8.8 (HIGH)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Credit
Red Hat would like to thank Zavier Lee for reporting this issue.