Denial-of-Service Vulnerability in KDCProxy Affects Red Hat Products
CVE-2025-59089

5.9 MEDIUM

What is CVE-2025-59089?

An attacker can exploit a vulnerability in KDCProxy by manipulating it into connecting to an attacker-controlled KDC server. This occurs through server-side request forgery, and it lets the attacker bypass the length restrictions on TCP responses. Because KDCProxy fails to enforce a limit on the size of incoming data, the malicious KDC can drive excessive memory consumption and CPU usage. The attack can overwhelm server resources, denying service to legitimate users through response buffer overflow and prolonged connection timeouts.
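As an added illustration, not code from KDCProxy or from this advisory, the following bounded reader shows the check the flaw described above is missing: a KDC reply over TCP carries a 4-byte big-endian length prefix (RFC 4120 section 7.2.2), and a safe reader rejects a declared length above a cap before allocating anything, and detects a KDC that stops sending. The cap `MAX_KDC_REPLY`, the function names and the sample bytes are assumptions constructed for this example.

```python
import io
import struct

# Assumed cap on a single KDC reply we are willing to buffer; size it for
# your deployment. The point is that a cap exists and is checked first.
MAX_KDC_REPLY = 64 * 1024


class ReplyTooLarge(Exception):
    """Declared reply length exceeds the cap."""


class TruncatedReply(Exception):
    """Peer closed (or stalled to EOF) before sending the declared bytes."""


def read_kdc_tcp_reply(stream, max_len=MAX_KDC_REPLY, chunk=4096):
    """Read one TCP-framed KDC message from a file-like stream.

    Frame: 4-byte big-endian length (high bit reserved) followed by the
    DER-encoded message. The length is attacker-controlled when the KDC is
    hostile, so it is validated before any buffer is sized from it.
    """
    header = stream.read(4)
    if len(header) != 4:
        raise TruncatedReply("short length prefix")
    (length,) = struct.unpack("!I", header)
    if length & 0x80000000:
        raise ValueError("reserved high bit set in length prefix")
    if length > max_len:
        raise ReplyTooLarge(f"declared {length} bytes exceeds cap {max_len}")
    buf = bytearray()
    while len(buf) < length:            # read only what was declared, in chunks
        part = stream.read(min(chunk, length - len(buf)))
        if not part:                    # EOF before the frame completed
            raise TruncatedReply(f"got {len(buf)} of {length} bytes")
        buf.extend(part)
    return bytes(buf)                   # a real socket should also carry a timeout


def frame(payload):
    """Wrap a payload in the TCP length prefix (used to build samples)."""
    return struct.pack("!I", len(payload)) + payload


def classify_reply(raw, max_len=MAX_KDC_REPLY):
    """Return 'ok', 'too_large' or 'truncated' for a raw byte string."""
    try:
        read_kdc_tcp_reply(io.BytesIO(raw), max_len)
        return "ok"
    except ReplyTooLarge:
        return "too_large"
    except TruncatedReply:
        return "truncated"


# Constructed samples, not captured traffic.
GOOD = frame(b"\x6b\x03\x02\x01\x05")                 # small well-formed frame
OVERSIZED = struct.pack("!I", 1 << 30) + b"\x00" * 16 # claims 1 GiB, sends 16 bytes
TRUNCATED = frame(b"x" * 100)[:-20]                   # claims 100, sends 80
```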

References

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
