Persistent Credential Cache Exposure in Himmelblau Interoperability Suite for Microsoft Azure Entra ID and Intune
CVE-2025-54882

7.1 HIGH

Key Information:

Vendor
CVE Published: 7 August 2025

What is CVE-2025-54882?

The Himmelblau interoperability suite for Microsoft Azure Entra ID and Intune inadvertently exposes stored Kerberos credentials. In versions 0.8.0 to 0.9.21 and 1.0.0-beta to 1.1.0, the cloud TGT obtained during user logon is saved in a Kerberos credential cache that is accessible to all users. This misconfiguration could lead to unauthorized access to sensitive credentials. Users are advised to upgrade to version 0.9.22 or 1.2.0, or to apply stricter access controls to the credential cache so that only the owner has read access.
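The check below is an added example, not code from the advisory or from the Himmelblau project: it audits a directory for Kerberos credential cache files that grant any permission to group or other, and can tighten them to owner-only. The directory argument and the `krb5cc_*` file name pattern are assumptions (the advisory does not state where the cache is written), so adjust both to your deployment.

```shell
#!/bin/sh
# Added example: audit Kerberos credential caches for group/other access.
# CCACHE_GLOB is an assumption (common FILE: cache naming), not a path taken
# from the advisory; change it to match where your hosts write caches.
CCACHE_GLOB='krb5cc_*'

# audit_ccache DIR [--fix]
# Prints "mode owner path" for every cache file that grants any permission
# bit to group or other. With --fix, each reported file is set to 0600.
# Returns 0 when nothing was exposed, 1 when at least one file was exposed.
audit_ccache() {
    dir=$1
    fix=${2:-}
    exposed=0
    for f in "$dir"/$CCACHE_GLOB; do
        # Skip the unexpanded glob, symlinks and anything not a regular file.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        mode=$(stat -c '%a' "$f") || continue
        owner=$(stat -c '%U' "$f")
        # Any bit set in the group/other triplets (mask 077) means exposure.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            exposed=1
            printf '%s %s %s\n' "$mode" "$owner" "$f"
            if [ "$fix" = "--fix" ]; then
                chmod 600 "$f"
            fi
        fi
    done
    return "$exposed"
}

# Run the audit only when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    audit_ccache "$@"
fi
```

Tightening the mode on existing files is a stopgap: caches created at the next logon by an affected version get the same permissions again, so the upgrade remains the fix.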

Affected Version(s)

himmelblau >= 0.8.0, < 0.9.22 < 0.8.0, 0.9.22

himmelblau >= 1.0.0-beta, < 1.2.0 < 1.0.0-beta, 1.2.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published