Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-7493

Good to know:

icon

Date: September 30, 2025

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

Severity Score

Related Resources (15)

https://access.redhat.com/errata/RHSA-2025:17129
https://access.redhat.com/errata/RHSA-2025:17646
https://access.redhat.com/errata/RHSA-2025:17645
https://access.redhat.com/errata/RHSA-2025:17648
https://access.redhat.com/errata/RHSA-2025:17647
https://nvd.nist.gov/vuln/detail/CVE-2025-7493
https://access.redhat.com/errata/RHSA-2025:17649
https://bugzilla.redhat.com/show_bug.cgi?id=2389448
https://access.redhat.com/security/cve/CVE-2025-7493
https://access.redhat.com/errata/RHSA-2025:17084
https://access.redhat.com/errata/RHSA-2025:17086
https://access.redhat.com/errata/RHSA-2025:17085
https://access.redhat.com/errata/RHSA-2025:17088
https://access.redhat.com/errata/RHSA-2025:17087
https://www.mend.io/vulnerability-database/CVE-2025-7493

Severity Score

Weakness Type (CWE)

Insufficient Granularity of Access Control

CWE-1220

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us