{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2025-7493: fix privilege escalation, validate krbCanonicalName to prevent host-to-realm\n admin escalation, blocks unauthorized admin actions and data exfiltration", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1763391572.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572" } ], "tracking": { "current_release_date": "2026-02-16T09:49:19Z", "generator": { "date": "2026-02-16T09:49:19Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1763391572", "initial_release_date": "2025-11-17T15:00:55Z", "revision_history": [ { "date": "2025-11-17T15:00:55Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-16T09:49:19Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "ipa: Fix of CVE-2025-7493" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-ipaclient@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-server-dns@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-python-compat@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-ipatests@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-common@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-ipaserver@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-server-common@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-selinux@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-client-common@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } }, { "category": "product_version", "name": "python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product": { "name": "python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_id": "python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python3-ipalib@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product": { "name": "ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_id": "ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-server-trust-ad@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product": { "name": "ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_id": "ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-client-samba@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product": { "name": "ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_id": "ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-client@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product": { "name": "ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_id": "ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-server@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product": { "name": "ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_id": "ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/ipa-client-epn@4.10.1-9.el9_2.alma.1.tuxcare.els2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64" }, "product_reference": "ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64" }, "product_reference": "ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64" }, "product_reference": "ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64" }, "product_reference": "ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64" }, "product_reference": "ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" }, "product_reference": "python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-3183", "cwe": { "id": "CWE-916", "name": "Use of Password Hash With Insufficient Computational Effort" }, "notes": [ { "category": "description", "text": "A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.\r\n\r\nIf a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-3183" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3754", "url": "https://access.redhat.com/errata/RHSA-2024:3754" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3755", "url": "https://access.redhat.com/errata/RHSA-2024:3755" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3756", "url": "https://access.redhat.com/errata/RHSA-2024:3756" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3757", "url": "https://access.redhat.com/errata/RHSA-2024:3757" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3758", "url": "https://access.redhat.com/errata/RHSA-2024:3758" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3759", "url": "https://access.redhat.com/errata/RHSA-2024:3759" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3760", "url": "https://access.redhat.com/errata/RHSA-2024:3760" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3761", "url": "https://access.redhat.com/errata/RHSA-2024:3761" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2024:3775", "url": "https://access.redhat.com/errata/RHSA-2024:3775" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-3183", "url": "https://access.redhat.com/security/cve/CVE-2024-3183" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685" }, { "category": "external", "summary": "https://www.freeipa.org/release-notes/4-12-1.html", "url": "https://www.freeipa.org/release-notes/4-12-1.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/" } ], "release_date": "2024-06-12T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-11-17T14:59:34.658258Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572", "product_ids": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-7493", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "notes": [ { "category": "description", "text": "A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-7493" } ], "release_date": "2025-09-30T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-11-17T14:59:34.658258Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572", "product_ids": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-4404", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "notes": [ { "category": "description", "text": "A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-4404" } ], "release_date": "2025-06-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-11-17T14:59:34.658258Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572", "product_ids": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2024-2698", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "description", "text": "A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the \"forwardable\" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request.\nIn FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-2698" } ], "release_date": "2024-06-10T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-11-17T14:59:34.658258Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572", "product_ids": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1763391572" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:ipa-client-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-client-epn-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-client-samba-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-python-compat-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-selinux-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:ipa-server-common-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-dns-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:ipa-server-trust-ad-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.x86_64", "AlmaLinux-9.2:python3-ipaclient-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipalib-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipaserver-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch", "AlmaLinux-9.2:python3-ipatests-0:4.10.1-9.el9_2.alma.1.tuxcare.els2.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }