Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-11561

Date: October 9, 2025

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users. This can result in unauthorized access or privilege escalation on domain-joined Linux hosts.

Severity Score

Related Resources (18)

https://access.redhat.com/errata/RHSA-2025:19854
https://access.redhat.com/errata/RHSA-2025:19849
https://access.redhat.com/errata/RHSA-2025:19847
https://access.redhat.com/errata/RHSA-2025:19848
https://access.redhat.com/errata/RHSA-2025:19859
https://access.redhat.com/errata/RHSA-2025:20954
https://access.redhat.com/errata/RHSA-2025:21020
https://blog.async.sg/kerberos-ldr
https://bugzilla.redhat.com/show_bug.cgi?id=2402727
https://access.redhat.com/errata/RHSA-2025:21067
https://access.redhat.com/security/cve/CVE-2025-11561
https://nvd.nist.gov/vuln/detail/CVE-2025-11561
https://access.redhat.com/errata/RHSA-2025:19610
https://access.redhat.com/errata/RHSA-2025:19852
https://access.redhat.com/errata/RHSA-2025:19853
https://access.redhat.com/errata/RHSA-2025:19850
https://access.redhat.com/errata/RHSA-2025:19851
https://www.mend.io/vulnerability-database/CVE-2025-11561

Severity Score

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us