Description

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

INFO

Published Date :

2025-09-30T15:06:46.836Z

Last Modified :

2025-10-01T06:36:20.594Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-7493 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Rhel E4s
  • Rhel Eus
  • Rhivos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-7493.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-7493 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2389448 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact