CVE-2025-7493
freeipa: idm: Privilege escalation from host to domain admin in FreeIPA
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
0th
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, in which FreeIPA failed to validate the uniqueness of the krbCanonicalName attribute. The fix released for that issue added validation for the admin@REALM credential, but FreeIPA still did not validate the root@REALM canonical name, which can also be used as the realm administrator's name. An attacker holding a host's credentials can therefore perform administrative tasks over the REALM, leading to access to sensitive data and its exfiltration.
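The advisory's condition is a second directory entry answering to one of the realm administrator's names, so the practical check is to look for exactly that. The following audit script is an added example for this page, not Red Hat's or the FreeIPA project's code. It assumes the standard FreeIPA directory layout (uid=admin,cn=users,cn=accounts,<base>; hosts under cn=computers; services under cn=services), the krbPrincipalName and krbCanonicalName attribute names, and that the admin entry legitimately carries root@REALM as a principal alias; the LDIF sample embedded in it is constructed, not data from a real deployment.

```python
"""Audit a FreeIPA directory export for Kerberos names that collide with the realm admin.

Added example for this advisory; not Red Hat's or the FreeIPA project's code.
Assumed (not stated on the page): the standard FreeIPA DIT layout, the
krbPrincipalName / krbCanonicalName attribute names, and that the admin user
legitimately carries root@REALM as a principal alias.
"""
import base64

# Attributes whose values must not duplicate the admin's names on any other entry.
NAME_ATTRS = ("krbcanonicalname", "krbprincipalname")


def parse_ldif(text):
    """Parse minimal LDIF (as printed by `ldapsearch -LLL`) into [(dn, {attr: [values]})].

    Handles folded continuation lines (leading space) and base64 values ("attr:: ...").
    Attribute names are lower-cased because LDAP treats them case-insensitively.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)

    entries, dn, attrs = [], None, {}
    for line in lines:
        if not line.strip():              # a blank line ends the current entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    if dn is not None:
        entries.append((dn, attrs))
    return entries


def admin_names(realm):
    """Names that resolve to the realm administrator: admin@REALM and, per the advisory, root@REALM."""
    return {f"admin@{realm}", f"root@{realm}"}


def find_admin_name_collisions(ldif_text, realm, admin_dn):
    """Return (dn, attribute, value) for every non-admin entry carrying an admin name.

    A hit on krbCanonicalName is the condition this CVE describes; a hit on
    krbPrincipalName (an alias) is reported too, since no entry other than the
    admin user should answer to admin@REALM or root@REALM.
    """
    wanted = admin_names(realm)
    hits = []
    for dn, attrs in parse_ldif(ldif_text):
        if dn.lower() == admin_dn.lower():
            continue
        for attr in NAME_ATTRS:
            for value in attrs.get(attr, []):
                if value in wanted:
                    hits.append((dn, attr, value))
    return hits


def ldapsearch_command(base_dn, realm):
    """argv for the live query against a FreeIPA server; run it with an admin Kerberos ticket."""
    a, r = f"admin@{realm}", f"root@{realm}"
    flt = (f"(|(krbCanonicalName={a})(krbCanonicalName={r})"
           f"(krbPrincipalName={a})(krbPrincipalName={r}))")
    return ["ldapsearch", "-LLL", "-Q", "-Y", "GSSAPI",
            "-b", f"cn=accounts,{base_dn}", flt, "krbPrincipalName", "krbCanonicalName"]


# Constructed sample export (not real data): the legitimate admin entry, one clean host,
# one host whose canonical name was rewritten to root@REALM, and one service carrying
# root@REALM as a base64-encoded alias.
SAMPLE_LDIF = """\
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
krbPrincipalName: admin@EXAMPLE.TEST
krbPrincipalName: root@EXAMPLE.TEST
krbCanonicalName: admin@EXAMPLE.TEST

dn: fqdn=db01.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbPrincipalName: host/db01.example.test@EXAMPLE.TEST
krbCanonicalName: host/db01.example.test@EXAMPLE.TEST

dn: fqdn=web01.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbPrincipalName: host/web01.example.test@EXAMPLE.TEST
krbCanonicalName: root@EXAMPLE.TEST

dn: krbprincipalname=HTTP/app01.example.test@EXAMPLE.TEST,cn=services,cn=accounts,dc=example,dc=test
krbPrincipalName: HTTP/app01.example.test@EXAMPLE.TEST
krbPrincipalName:: cm9vdEBFWEFNUExFLlRFU1Q=
krbCanonicalName: HTTP/app01.example.test@EXAMPLE.TEST
"""

if __name__ == "__main__":
    admin_dn = "uid=admin,cn=users,cn=accounts,dc=example,dc=test"
    for dn, attr, value in find_admin_name_collisions(SAMPLE_LDIF, "EXAMPLE.TEST", admin_dn):
        print(f"SUSPECT {dn}: {attr}={value}")
    print("live query:", " ".join(ldapsearch_command("dc=example,dc=test", "EXAMPLE.TEST")))
```

Any entry the script reports is one that the patched validation would have refused to create; on an unpatched server such an entry is both the indicator that the flaw was exercised and the thing to remove before rotating the admin credentials. Kerberos names are compared exactly here because the KDC matches principals case-sensitively.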
| CWE | CWE-1220 |
| Vendor | Red Hat |
| Product | Red Hat Enterprise Linux 10 |
| Published | Sep 30, 2025 |
| Last Updated | Feb 26, 2026 |
CVSS v3.1 Breakdown
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
All versions of the following Red Hat products are listed as affected:
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 9.4 Extended Update Support
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 7 Extended Lifecycle Support
Red Hat Enterprise Linux 6
References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17084
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17085
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17086
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17087
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17088
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17129
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17645
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17646
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17647
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17648
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:17649
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-7493
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2389448
openwall.com: http://www.openwall.com/lists/oss-security/2025/09/30/6
Credits
Red Hat would like to thank Tom Smith for reporting this issue.