Privilege Escalation Vulnerability in FreeIPA Affected by Red Hat
CVE-2025-7493
Key Information:
- Vendor
Red Hat
- Status
- Vendor
- CVE Published:
- 30 September 2025
What is CVE-2025-7493?
A vulnerability has been discovered in FreeIPA that allows an attacker to escalate privileges from host to domain administrator. This flaw arises from an improper validation of krbCanonicalName uniqueness. Although previous versions introduced validations for the admin@REALM credential, the critical validation for root@REALM remains unaddressed, exposing the realm administrator's name to potential exploitation. As a consequence, this issue could permit an attacker to execute administrative tasks across the REALM, facilitating access to sensitive data and risking data exfiltration.
Affected Version(s)
Red Hat Enterprise Linux 10 0:4.12.2-15.el10_0.4
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions 0:4.9.8-11.el9_0.5
Red Hat Enterprise Linux 9.4 Extended Update Support 0:4.11.0-15.el9_4.7
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved