CNNVD-202506-3349 Information
CNNVD ID
CNNVD-202506-3349
Related CVE
- CNNVD Published: 2025-06-26
Description (Chinese)
Himmelblau是Himmelblau开源的一个 Azure Entra ID 身份验证模块。 Himmelblau 0.9.10至0.9.16版本存在授权问题漏洞,该漏洞源于离线状态下可使用无效Linux Hello PIN认证。
Description (English)
Himmelblau is an Azure Entra ID authentication module at the Himmelblau Open Source. Versions 0.9.10 to 0.9.16 of Himmelblau contain a mandate gap, which stems from the use of invalid Linux Hello PIN authentication in offline status.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
Hipcam
Published
2025-06-26
Last Modified
2026-02-24
References
https://github.com/himmelblau-idm/himmelblau/commit/78477d684df710d57c10091c87b92665cfac98ae https://www.vicarius.io/vsociety/posts/cve-2025-53013-mitigate-himmelblau-vulnerable-configuration https://www.vicarius.io/vsociety/posts/cve-2025-53013-detect-himmelblau-vulnerable-configuration https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-j93j-pwm6-p97j https://github.com/himmelblau-idm/himmelblau/commit/64b03739f1d5ee472b1cff3ed20ed9af1c65a6f8 https://nvd.nist.gov/vuln/detail/CVE-2025-53013
Patch
https://github.com/himmelblau-idm/himmelblau/releases
Share on: