CVE-2025-59088
Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv
CVSS Score
8.6
EPSS Score
0.0%
EPSS Percentile
0th
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
| CWE | CWE-918 |
| Vendor | latchset |
| Product | kdcproxy |
| Published | Nov 12, 2025 |
| Last Updated | Dec 19, 2025 |
Stay Ahead of the Next One
Get instant alerts for latchset kdcproxy
Be the first to know when new high vulnerabilities affecting latchset kdcproxy are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
latchset / kdcproxy
0 < 1.1.0
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21138 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21139 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21140 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21141 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21142 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21448 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21748 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21806 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21818 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21819 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21820 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:21821 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:22982 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-59088 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2393955 github.com: https://github.com/latchset/kdcproxy/pull/68
Credits
Red Hat would like to thank Arad Inbar for reporting this issue.