Denial-of-Service Vulnerability in KDCProxy Affects Red Hat Products
CVE-2025-59089
Key Information:
- Vendor: Latchset
- Status: Vendor
- CVE Published: 12 November 2025
What is CVE-2025-59089?
A flaw in KDCProxy lets an attacker steer the proxy's connection to an attacker-controlled KDC server. This is a server-side request forgery that bypasses the length restrictions that should apply to TCP responses: KDCProxy does not enforce a limit on the size of incoming data, so an oversized reply from the malicious KDC drives up memory consumption and CPU usage. By exhausting server resources through response buffer overflow and prolonged connection timeouts, the attack denies service to legitimate users.
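The defensive pattern the advisory implies is a bounded reader for the KDC's TCP reply: check the declared length before buffering anything. The following is an added example written for this page, not code from the kdcproxy project or from the Red Hat fix; it assumes the standard Kerberos-over-TCP framing from RFC 4120 section 7.2.2 (4-byte big-endian length prefix) and a response cap of 64 KB chosen for illustration.

```python
import io
import struct
# RFC 4120 section 7.2.2: Kerberos over TCP carries a 4-byte big-endian length prefix.
KRB_TCP_HEADER = struct.Struct("!I")
MAX_KDC_RESPONSE = 64 * 1024  # example cap (an assumption); real replies are a few KB

class OversizedResponse(Exception):
    """The KDC declared more payload than the proxy is willing to buffer."""

def read_kdc_tcp_response(sock_file, max_len=MAX_KDC_RESPONSE):
    """Read one length-prefixed Kerberos TCP message, checking the declared
    length before any payload is read so a hostile KDC cannot force buffering."""
    header = sock_file.read(KRB_TCP_HEADER.size)
    if len(header) != KRB_TCP_HEADER.size:
        raise ValueError("short read on Kerberos TCP length prefix")
    (length,) = KRB_TCP_HEADER.unpack(header)
    if length & 0x80000000:  # reserved high bit must be zero (RFC 4120)
        raise ValueError("reserved high bit set in length prefix")
    if length > max_len:
        raise OversizedResponse(f"KDC declared {length} bytes, cap is {max_len}")
    # Bounded chunks, stopping exactly at the declared length, so a trickling
    # or over-sending peer cannot grow the buffer either.
    chunks, remaining = [], length
    while remaining:
        chunk = sock_file.read(min(remaining, 4096))
        if not chunk:
            raise ValueError("connection closed before the full response arrived")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)

def frame(payload: bytes) -> bytes:
    return KRB_TCP_HEADER.pack(len(payload)) + payload  # build a framed message

def parse_bytes(data: bytes, max_len=MAX_KDC_RESPONSE) -> bytes:
    """Parse an in-memory capture as if it were read from the KDC socket."""
    return read_kdc_tcp_response(io.BytesIO(data), max_len)

# Constructed inputs: a small well-formed reply, and a header claiming 512 MiB
# of payload with no body behind it (the reader must not wait for that body).
GOOD_REPLY = frame(b"\x6b\x03\x01\x02\x03")
HUGE_CLAIM = KRB_TCP_HEADER.pack(512 * 1024 * 1024)

def demo():
    """Return (good payload, whether the huge claim was rejected)."""
    try:
        parse_bytes(HUGE_CLAIM)
    except OversizedResponse:
        return parse_bytes(GOOD_REPLY), True
    return parse_bytes(GOOD_REPLY), False
```

The same cap should also be applied per-connection rather than per-message when the proxy pipelines replies, since the advisory's point is resource exhaustion over the whole exchange.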

Affected Version(s)
- kdcproxy 0 < 1.1.0
- Red Hat Enterprise Linux 10: 0:1.0.0-19.el10_1
- Red Hat Enterprise Linux 10.0 Extended Update Support: 0:1.0.0-19.el10_0