CNNVD-202506-1980 Information

Jun 17, 2025 cve

CNNVD ID

CNNVD-202506-1980

CVE-2025-4404

  • CNNVD Published: 2025-06-17

Description (Chinese)

Red Hat FreeIPA是美国红帽(Red Hat)公司的一套集成的安全信息管理解决方案。该产品主要为Linux和Unix计算机网络提供身份管理、策略管理和审计管理(IPA)等功能。 Red Hat FreeIPA存在安全漏洞,该漏洞源于未验证krbCanonicalName唯一性,可能导致攻击者获取REALM管理员凭据并执行管理任务。

Description (English)

Red Hat FreeIPA is an integrated security information management solution for Red Hat. The product mainly provides identity management, strategy management and audit management (IPA) functions for Linux and Unix computer networks. Red Hat FreeIPA has a security loophole, which stems from the unverified uniqueness of krbCanonicalName, which may lead the attackers to obtain evidence from the REALM administrator and perform management tasks.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

红帽

Published

2025-06-17

Last Modified

2026-02-24

References

https://access.redhat.com/errata/RHSA-2025:9190 https://access.redhat.com/errata/RHSA-2025:9186 https://access.redhat.com/errata/RHSA-2025:9187 https://access.redhat.com/errata/RHSA-2025:9184 https://access.redhat.com/errata/RHSA-2025:9185 https://access.redhat.com/errata/RHSA-2025:9193 https://access.redhat.com/errata/RHSA-2025:9194 https://bugzilla.redhat.com/show_bug.cgi?id=2364606 https://access.redhat.com/errata/RHSA-2025:9191 https://access.redhat.com/errata/RHSA-2025:9192 https://access.redhat.com/errata/RHSA-2025:9188 https://access.redhat.com/errata/RHSA-2025:9189 https://access.redhat.com/security/cve/CVE-2025-4404 https://access.redhat.com/security/cve/cve-2025-4404 https://nvd.nist.gov/vuln/detail/CVE-2025-4404 https://vigilance.fr/vulnerability/FreeIPA-privilege-escalation-via-IPA-enrolled-Clients-Admin-47448

Share on: