ГлавнаяУязвимости → CVE-2025-4404
9.1критическая

CVE-2025-4404

→ есть в БДУ: BDU:2025-04863 (на русском)
Описание (на английском; русское — в БДУ выше)

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Источники
https://access.redhat.com/errata/RHSA-2025:9184https://access.redhat.com/errata/RHSA-2025:9185https://access.redhat.com/errata/RHSA-2025:9186https://access.redhat.com/errata/RHSA-2025:9187https://access.redhat.com/errata/RHSA-2025:9188https://access.redhat.com/errata/RHSA-2025:9189https://access.redhat.com/errata/RHSA-2025:9190https://access.redhat.com/errata/RHSA-2025:9191