CNNVD-202509-1124 Information

CNNVD ID

CNNVD-202509-1124

CVE-2025-59044

  • CNNVD Published: 2025-09-09

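Description (translated from Chinese)

Himmelblau is an open-source Azure Entra ID authentication module from the Himmelblau project. Himmelblau versions 0.9.0 through 0.9.22 contain a security vulnerability that stems from deriving numeric GIDs from group display names, which may lead to authorization bypass.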

Description (English)

Himmelblau is an open-source Azure Entra ID authentication module from the Himmelblau project. Himmelblau versions 0.9.0 to 0.9.22 contain a security vulnerability that stems from deriving the numeric GID from the group display name, which may result in authorization bypass.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Hisense

Published

2025-09-09

Last Modified

2026-02-24

References

https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-2m43-mmg9-3rgc

https://github.com/himmelblau-idm/himmelblau/commit/76c5b41df7f89378af65dc7c0d0484d7d41b3281

https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-gcxr-m95v-qcf7

https://access.redhat.com/security/cve/cve-2025-59044

https://vigilance.fr/vulnerability/Himmelblau-user-access-via-DisplayName-Multiple-Groups-48884

Patch

https://github.com/himmelblau-idm/himmelblau/releases
