Error type:
CWE-284:Improper Access Control
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
- Severity (CVSSv4.0): 9.4 (critical)
Description:
The vulnerability was identified in FreeIPA versions prior to 4.12.4.
The vulnerability allows an attacker to obtain a Kerberos ticket for the domain administrator and, with it, to access and exfiltrate sensitive data. According to the CVSS vector, exploitation is performed over the network by an attacker who already holds high privileges, with no user interaction required.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 16.06.2025
Recommendations:
- Update to version 4.12.4 or higher
Additional information: Security advisory, Press release
Researcher: Mikhail Sukhov (Positive Technologies)
Identifiers:
CVE-2025-4404
BDU:2025-04863
Vendor:
Red Hat
Vulnerable product:
FreeIPA
Vulnerable versions:
Versions prior to 4.12.4