FreeIPA Privilege Escalation via Missing krbCanonicalName Validation
CVE-2025-7493 Published on September 30, 2025

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-7493 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.


Products Associated with CVE-2025-7493

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-7493 are published in these products:

Red Hat Enterprise Linux (RHEL)
 
Freeipa
 
Red Hat Rhel E4s
 
Red Hat Rhel Eus
 
Red Hat Rhivos
 
Red Hat Rhel Els
 
Red Hat Rhel Aus
 
Red Hat Rhel Eus Long Life
 
Red Hat Rhel Tus
 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 7 Extended Lifecycle Support: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 8.2 Advanced Update Support: Red Hat Enterprise Linux 8.2 Advanced Update Support: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: Red Hat Enterprise Linux 8.6 Telecommunications Update Service: Red Hat Enterprise Linux 8.6 Telecommunications Update Service: Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions: Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions: Red Hat Enterprise Linux 8.8 Telecommunications Update Service: Red Hat Enterprise Linux 8.8 Telecommunications Update Service: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions: Red Hat Enterprise Linux 9: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: Red Hat Enterprise Linux 9.4 Extended Update Support: Red Hat Enterprise Linux 6:

Exploit Probability

EPSS
0.09%
Percentile
26.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.