Home > Vulnerability Database > CVE-2025-7493

Mend.io Vulnerability Database

CVE-2025-7493

Good to know:

Date: September 30, 2025

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

Severity Score

9.1

Related Resources (10)

Url: https://access.redhat.com/security/cve/CVE-2025-7493

Url: https://access.redhat.com/errata/RHSA-2025:17129

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-7493

Url: https://access.redhat.com/errata/RHSA-2025:17084

Url: https://access.redhat.com/errata/RHSA-2025:17086

Url: https://access.redhat.com/errata/RHSA-2025:17085

Url: https://access.redhat.com/errata/RHSA-2025:17088

Url: https://access.redhat.com/errata/RHSA-2025:17087

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2389448

Url: https://www.mend.io/vulnerability-database/CVE-2025-7493

Severity Score

9.1

Weakness Type (CWE)

Insufficient Granularity of Access Control

CWE-1220

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-7493

Good to know:

Date: September 30, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?