Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:17085

Опубликовано: 07 окт. 2025
Источник: rocky
Оценка: Important

Описание

Important: ipa security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
ipa-clientx86_6415.el10_0.4ipa-client-4.12.2-15.el10_0.4.x86_64.rpm
ipa-client-commonnoarch15.el10_0.4ipa-client-common-4.12.2-15.el10_0.4.noarch.rpm
ipa-client-encrypted-dnsx86_6415.el10_0.4ipa-client-encrypted-dns-4.12.2-15.el10_0.4.x86_64.rpm
ipa-client-epnx86_6415.el10_0.4ipa-client-epn-4.12.2-15.el10_0.4.x86_64.rpm
ipa-client-sambax86_6415.el10_0.4ipa-client-samba-4.12.2-15.el10_0.4.x86_64.rpm
ipa-commonnoarch15.el10_0.4ipa-common-4.12.2-15.el10_0.4.noarch.rpm
ipa-selinuxnoarch15.el10_0.4ipa-selinux-4.12.2-15.el10_0.4.noarch.rpm
ipa-selinux-lunanoarch15.el10_0.4ipa-selinux-luna-4.12.2-15.el10_0.4.noarch.rpm
ipa-selinux-nfastnoarch15.el10_0.4ipa-selinux-nfast-4.12.2-15.el10_0.4.noarch.rpm
ipa-serverx86_6415.el10_0.4ipa-server-4.12.2-15.el10_0.4.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-7493

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-7493

CVSS3: 9.1
ubuntu
16 дней назад

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

nvd логотип

CVE-2025-7493

CVSS3: 9.1
nvd
16 дней назад

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

debian логотип

CVE-2025-7493

CVSS3: 9.1
debian
16 дней назад

A privilege escalation flaw from host to domain administrator was foun ...

github логотип

GHSA-vm59-52f9-r52r

CVSS3: 9.1
github
16 дней назад

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

oracle-oval логотип

ELSA-2025-17129

oracle-oval
16 дней назад

ELSA-2025-17129: idm:DL1 security update (IMPORTANT)