CVE-2025-7493 - Vulnerability Details

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0009.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat Subscribe	Enterprise Linux Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Els Subscribe Rhel Eus Subscribe Rhel Eus Long Life Subscribe Rhel Tus Subscribe

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
ipa-0:4.12.2-15.el10_0.4	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:17085	2025-09-30T00:00:00Z
Red Hat Enterprise Linux 9
ipa-0:4.12.2-14.el9_6.5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:17084	2025-09-30T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
ipa-0:4.9.8-11.el9_0.5	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:17086	2025-09-30T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
ipa-0:4.10.1-12.el9_2.6	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:17087	2025-09-30T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
ipa-0:4.11.0-15.el9_4.7	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:17088	2025-09-30T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-31739	A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

Fixes

Solution

No solution given by the vendor.

Workaround

There's no available mitigation other than updating to the package version.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/09/30/6
https://access.redhat.com/errata/RHSA-2025:17084
https://access.redhat.com/errata/RHSA-2025:17085
https://access.redhat.com/errata/RHSA-2025:17086
https://access.redhat.com/errata/RHSA-2025:17087
https://access.redhat.com/errata/RHSA-2025:17088
https://access.redhat.com/errata/RHSA-2025:17129
https://access.redhat.com/errata/RHSA-2025:17645
https://access.redhat.com/errata/RHSA-2025:17646
https://access.redhat.com/errata/RHSA-2025:17647
https://access.redhat.com/errata/RHSA-2025:17648
https://access.redhat.com/errata/RHSA-2025:17649
https://access.redhat.com/security/cve/CVE-2025-7493
https://bugzilla.redhat.com/show_bug.cgi?id=2389448
https://nvd.nist.gov/vuln/detail/CVE-2025-7493
https://www.cve.org/CVERecord?id=CVE-2025-7493

History

Wed, 05 Nov 2025 07:30:00 +0900

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/09/30/6

Thu, 09 Oct 2025 21:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Els Redhat rhel Eus Long Life Redhat rhel Tus
CPEs	~~cpe:/o:redhat:enterprise_linux:7~~	cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Aus Redhat rhel Els Redhat rhel Eus Long Life Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:17645 https://access.redhat.com/errata/RHSA-2025:17646 https://access.redhat.com/errata/RHSA-2025:17647 https://access.redhat.com/errata/RHSA-2025:17648 https://access.redhat.com/errata/RHSA-2025:17649

Wed, 08 Oct 2025 23:15:00 +0900

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Wed, 01 Oct 2025 15:45:00 +0900

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream
References		https://access.redhat.com/errata/RHSA-2025:17129

Wed, 01 Oct 2025 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Wed, 01 Oct 2025 09:15:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.2 cpe:/a:redhat:rhel_eus:9.4
References		https://nvd.nist.gov/vuln/detail/CVE-2025-7493 https://www.cve.org/CVERecord?id=CVE-2025-7493
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 01 Oct 2025 05:15:00 +0900

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb cpe:/a:redhat:rhel_e4s:9.2::appstream
References		https://access.redhat.com/errata/RHSA-2025:17084 https://access.redhat.com/errata/RHSA-2025:17087

Wed, 01 Oct 2025 02:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_eus:9.4::crb
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:17088

Wed, 01 Oct 2025 02:00:00 +0900

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:17085

Wed, 01 Oct 2025 01:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream
Vendors & Products		Redhat rhel E4s
References		https://access.redhat.com/errata/RHSA-2025:17086

Wed, 01 Oct 2025 01:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 01 Oct 2025 00:15:00 +0900

Type	Values Removed	Values Added
Description		A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Title		Freeipa: idm: privilege escalation from host to domain admin in freeipa
First Time appeared		Redhat Redhat enterprise Linux
Weaknesses		CWE-1220
CPEs		cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-7493 https://bugzilla.redhat.com/show_bug.cgi?id=2389448
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-09-30T15:06:46.836Z

Updated: 2025-11-06T21:10:49.216Z

Reserved: 2025-07-11T14:20:32.459Z

Link: CVE-2025-7493

Vulnrichment

Updated: 2025-11-04T21:14:56.918Z

NVD

Status : Awaiting Analysis

Published: 2025-09-30T15:15:58.243

Modified: 2025-11-04T22:16:44.030

Link: CVE-2025-7493

Redhat

Severity : Important

Publid Date: 2025-09-30T00:00:00Z

Links: CVE-2025-7493 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-1220

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object