CVE-2025-11561
BaseFortify
Publication date: 2025-10-09
Last updated on: 2026-03-19
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7 |
| redhat | enterprise_linux | 8.2 |
| redhat | enterprise_linux | 8.6 |
| redhat | enterprise_linux | 8.8 |
| redhat | enterprise_linux | 9 |
| redhat | enterprise_linux | 9.2 |
| redhat | enterprise_linux | 9.4 |
| redhat | enterprise_linux | 9.6 |
| redhat | enterprise_linux | 10 |
| redhat | system_security_services_daemon | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in how SSSD (the System Security Services Daemon) integrates Linux hosts with Active Directory. By default, SSSD does not enable its Kerberos local authentication (localauth) plugin, the component that maps an authenticated Kerberos principal to the matching AD-backed local user account. Without it, the principal-to-user mapping falls back to the Kerberos library's name-based default rule, so an attacker who can modify certain Active Directory attributes (such as userPrincipalName or sAMAccountName) can present a principal that maps to a privileged local user and impersonate that user. The result is unauthorized access or privilege escalation on Linux hosts joined to the domain.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access or privilege escalation on domain-joined Linux systems. An attacker who can modify specific Active Directory attributes could impersonate privileged users, potentially gaining control over sensitive systems or data.
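The following POSIX shell script is an added example, not code from the advisory, Red Hat or the SSSD project. It does two things a practitioner would want after reading the explanation above: it checks whether a krb5.conf-style file actually configures SSSD's localauth plugin (section-aware, so a stray mention outside `[plugins]` does not count), and it shows what MIT krb5's built-in DEFAULT auth_to_local rule does with a principal when no such plugin is configured, which is why control over the principal name matters. The two configuration files are constructed samples written to a temporary directory; the module path in the hardened sample is the RHEL x86_64 location and is an assumption for other distributions.

```shell
#!/bin/sh
# Added example (not from the advisory or SSSD): audit krb5.conf files for the
# SSSD localauth plugin and illustrate the krb5 DEFAULT name-mapping rule.

# Return 0 if any FILE configures an sssd localauth module inside [plugins],
# 1 otherwise, 2 if no file was given (avoids awk silently reading stdin).
localauth_enabled() {
    [ $# -gt 0 ] || return 2
    awk '
        /^[ \t]*\[/ {                     # section header such as [plugins]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
        }
        section == "plugins" && /localauth[ \t]*=/ { in_la = 1 }
        in_la && /module[ \t]*=[ \t]*sssd:.*sssd_krb5_localauth_plugin\.so/ { found = 1 }
        in_la && /}/ { in_la = 0 }
        END { exit found ? 0 : 1 }
    ' "$@"
}

# MIT krb5 DEFAULT auth_to_local rule, applied when no localauth module and no
# auth_to_local rules are configured: a single-component principal in the
# default realm maps to the local account of the same name; anything else fails.
default_local_name() {
    princ=$1
    default_realm=$2
    case $princ in
        */*)                return 1 ;;   # multi-component (host/x@REALM): no mapping
        *@"$default_realm") printf '%s\n' "${princ%@*}" ;;
        *)                  return 1 ;;   # no realm or foreign realm: no mapping
    esac
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# Constructed sample 1: a minimal krb5.conf with no [plugins] section at all,
# the state the advisory describes as the default.
WEAK_CONF=$DEMO_DIR/krb5.conf.weak
cat >"$WEAK_CONF" <<'EOF'
[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true

[realms]
 EXAMPLE.COM = {
 }
EOF

# Constructed sample 2: the same file with the SSSD localauth plugin enabled.
# Module path assumed to be the RHEL x86_64 location; adjust elsewhere.
GOOD_CONF=$DEMO_DIR/krb5.conf.good
cat >"$GOOD_CONF" <<'EOF'
[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true

[realms]
 EXAMPLE.COM = {
 }

[plugins]
 localauth = {
  module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
 }
EOF

for f in "$WEAK_CONF" "$GOOD_CONF"; do
    if localauth_enabled "$f"; then
        echo "$f: sssd localauth plugin configured"
    else
        echo "$f: NO sssd localauth plugin; mapping falls back to the DEFAULT rule"
    fi
done

# Under the DEFAULT rule, whoever controls the principal name picks the local
# account. A foreign-realm or multi-component principal gets no mapping at all.
default_local_name 'root@EXAMPLE.COM' EXAMPLE.COM      # prints: root
default_local_name 'jdoe@EXAMPLE.COM' EXAMPLE.COM      # prints: jdoe
if ! default_local_name 'root@OTHER.COM' EXAMPLE.COM; then
    echo "root@OTHER.COM: not mapped by the DEFAULT rule"
fi
```

On a real host, run `localauth_enabled /etc/krb5.conf /etc/krb5.conf.d/*`, since the stock krb5.conf pulls in that directory through `includedir`, and confirm with `ls` that the module path named in the `localauth` block exists on that machine; a block pointing at a missing `.so` does not protect anything.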