Search criteria

4 vulnerabilities found for kdcproxy by latchset

CVE-2025-59088 (GCVE-0-2025-59088)

Vulnerability from nvd – Published: 2025-11-12 16:35 – Updated: 2025-12-19 14:44
VLAI?
Title
Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv
Summary
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
Severity ?
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
https://access.redhat.com/errata/RHSA-2025:21138 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21139 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21140 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21141 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21142 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21448 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21748 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21806 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21818 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21819 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21820 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21821 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22982 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-59088 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2393955 issue-trackingx_refsource_REDHAT
https://github.com/latchset/kdcproxy/pull/68
Impacted products
Vendor Product Version
latchset kdcproxy Affected: 0 , < 1.1.0 (semver)
Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.0.0-19.el10_1 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:1.0.0-19.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:0.3.2-3.el7_9.3 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251103113748.143e9e98 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251028161822.823393f5 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 8020020251106022345.792f4060 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.0.0-9.el9_7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_0.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_2.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.0.0-7.el9_4.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:1.0.0-9.el9_6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
 Create a notification for this product.
Credits
Red Hat would like to thank Arad Inbar for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T20:48:05.033762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T21:05:08.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/latchset/kdcproxy",
          "defaultStatus": "unaffected",
          "packageName": "kdcproxy",
          "product": "kdcproxy",
          "vendor": "latchset",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.3.2-3.el7_9.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:client",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251103113748.143e9e98",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251028161822.823393f5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020251106022345.792f4060",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_6",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arad Inbar for reporting this issue."
        }
      ],
      "datePublic": "2025-11-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where\nthe \"use_dns\" setting is explicitly set to false are not affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T14:44:01.471Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21138"
        },
        {
          "name": "RHSA-2025:21139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21139"
        },
        {
          "name": "RHSA-2025:21140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21140"
        },
        {
          "name": "RHSA-2025:21141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21141"
        },
        {
          "name": "RHSA-2025:21142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21142"
        },
        {
          "name": "RHSA-2025:21448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21448"
        },
        {
          "name": "RHSA-2025:21748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21748"
        },
        {
          "name": "RHSA-2025:21806",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21806"
        },
        {
          "name": "RHSA-2025:21818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21818"
        },
        {
          "name": "RHSA-2025:21819",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21819"
        },
        {
          "name": "RHSA-2025:21820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21820"
        },
        {
          "name": "RHSA-2025:21821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21821"
        },
        {
          "name": "RHSA-2025:22982",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22982"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-59088"
        },
        {
          "name": "RHBZ#2393955",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393955"
        },
        {
          "url": "https://github.com/latchset/kdcproxy/pull/68"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-08T21:18:31.461000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-11-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Python-kdcproxy: unauthenticated ssrf via realm\u2011controlled dns srv",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue before a final fix can be applied, set \"use_dns\" parameter to false in the global section of the kdcproxy.conf file. This will disable the use of DNS to find Active Directory servers so it may break the service if DNS is needed."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-59088",
    "datePublished": "2025-11-12T16:35:27.877Z",
    "dateReserved": "2025-09-08T21:43:30.845Z",
    "dateUpdated": "2025-12-19T14:44:01.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59089 (GCVE-0-2025-59089)

Vulnerability from nvd – Published: 2025-11-12 16:40 – Updated: 2025-12-19 15:10
VLAI?
Title
Python-kdcproxy: remote dos via unbounded tcp upstream buffering
Summary
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
https://access.redhat.com/errata/RHSA-2025:21138 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21139 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21140 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21141 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21142 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21448 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21748 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21806 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21818 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21819 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21820 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21821 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22982 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-59089 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2393958 issue-trackingx_refsource_REDHAT
https://github.com/latchset/kdcproxy/pull/68
Impacted products
Vendor Product Version
latchset kdcproxy Affected: 0 , < 1.1.0 (semver)
Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.0.0-19.el10_1 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:1.0.0-19.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:0.3.2-3.el7_9.3 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251103113748.143e9e98 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251028161822.823393f5 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 8020020251106022345.792f4060 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.0.0-9.el9_7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_0.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_2.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.0.0-7.el9_4.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:1.0.0-9.el9_6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
 Create a notification for this product.
Credits
Red Hat would like to thank Arad Inbar for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T20:47:44.917442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T21:04:54.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/latchset/kdcproxy",
          "defaultStatus": "unaffected",
          "packageName": "kdcproxy",
          "product": "kdcproxy",
          "vendor": "latchset",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.3.2-3.el7_9.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:client",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251103113748.143e9e98",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251028161822.823393f5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020251106022345.792f4060",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_6",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arad Inbar for reporting this issue."
        }
      ],
      "datePublic": "2025-11-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC\u0027s response, kdcproxy copies the entire buffered stream into a new\nbuffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response\nheader, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T15:10:54.839Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21138"
        },
        {
          "name": "RHSA-2025:21139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21139"
        },
        {
          "name": "RHSA-2025:21140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21140"
        },
        {
          "name": "RHSA-2025:21141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21141"
        },
        {
          "name": "RHSA-2025:21142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21142"
        },
        {
          "name": "RHSA-2025:21448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21448"
        },
        {
          "name": "RHSA-2025:21748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21748"
        },
        {
          "name": "RHSA-2025:21806",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21806"
        },
        {
          "name": "RHSA-2025:21818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21818"
        },
        {
          "name": "RHSA-2025:21819",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21819"
        },
        {
          "name": "RHSA-2025:21820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21820"
        },
        {
          "name": "RHSA-2025:21821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21821"
        },
        {
          "name": "RHSA-2025:22982",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22982"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-59089"
        },
        {
          "name": "RHBZ#2393958",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393958"
        },
        {
          "url": "https://github.com/latchset/kdcproxy/pull/68"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-08T21:37:15.428000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-11-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Python-kdcproxy: remote dos via unbounded tcp upstream buffering",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-59089",
    "datePublished": "2025-11-12T16:40:50.725Z",
    "dateReserved": "2025-09-08T21:43:30.846Z",
    "dateUpdated": "2025-12-19T15:10:54.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59089 (GCVE-0-2025-59089)

Vulnerability from cvelistv5 – Published: 2025-11-12 16:40 – Updated: 2025-12-19 15:10
VLAI?
Title
Python-kdcproxy: remote dos via unbounded tcp upstream buffering
Summary
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
https://access.redhat.com/errata/RHSA-2025:21138 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21139 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21140 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21141 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21142 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21448 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21748 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21806 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21818 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21819 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21820 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21821 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22982 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-59089 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2393958 issue-trackingx_refsource_REDHAT
https://github.com/latchset/kdcproxy/pull/68
Impacted products
Vendor Product Version
latchset kdcproxy Affected: 0 , < 1.1.0 (semver)
Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.0.0-19.el10_1 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:1.0.0-19.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:0.3.2-3.el7_9.3 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251103113748.143e9e98 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251028161822.823393f5 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 8020020251106022345.792f4060 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.0.0-9.el9_7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_0.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_2.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.0.0-7.el9_4.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:1.0.0-9.el9_6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
 Create a notification for this product.
Credits
Red Hat would like to thank Arad Inbar for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T20:47:44.917442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T21:04:54.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/latchset/kdcproxy",
          "defaultStatus": "unaffected",
          "packageName": "kdcproxy",
          "product": "kdcproxy",
          "vendor": "latchset",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.3.2-3.el7_9.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:client",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251103113748.143e9e98",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251028161822.823393f5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020251106022345.792f4060",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_6",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arad Inbar for reporting this issue."
        }
      ],
      "datePublic": "2025-11-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC\u0027s response, kdcproxy copies the entire buffered stream into a new\nbuffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response\nheader, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T15:10:54.839Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21138"
        },
        {
          "name": "RHSA-2025:21139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21139"
        },
        {
          "name": "RHSA-2025:21140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21140"
        },
        {
          "name": "RHSA-2025:21141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21141"
        },
        {
          "name": "RHSA-2025:21142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21142"
        },
        {
          "name": "RHSA-2025:21448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21448"
        },
        {
          "name": "RHSA-2025:21748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21748"
        },
        {
          "name": "RHSA-2025:21806",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21806"
        },
        {
          "name": "RHSA-2025:21818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21818"
        },
        {
          "name": "RHSA-2025:21819",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21819"
        },
        {
          "name": "RHSA-2025:21820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21820"
        },
        {
          "name": "RHSA-2025:21821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21821"
        },
        {
          "name": "RHSA-2025:22982",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22982"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-59089"
        },
        {
          "name": "RHBZ#2393958",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393958"
        },
        {
          "url": "https://github.com/latchset/kdcproxy/pull/68"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-08T21:37:15.428000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-11-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Python-kdcproxy: remote dos via unbounded tcp upstream buffering",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-59089",
    "datePublished": "2025-11-12T16:40:50.725Z",
    "dateReserved": "2025-09-08T21:43:30.846Z",
    "dateUpdated": "2025-12-19T15:10:54.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59088 (GCVE-0-2025-59088)

Vulnerability from cvelistv5 – Published: 2025-11-12 16:35 – Updated: 2025-12-19 14:44
VLAI?
Title
Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv
Summary
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
Severity ?
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
https://access.redhat.com/errata/RHSA-2025:21138 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21139 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21140 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21141 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21142 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21448 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21748 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21806 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21818 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21819 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21820 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21821 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22982 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-59088 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2393955 issue-trackingx_refsource_REDHAT
https://github.com/latchset/kdcproxy/pull/68
Impacted products
Vendor Product Version
latchset kdcproxy Affected: 0 , < 1.1.0 (semver)
Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:1.0.0-19.el10_1 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.1
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10.0 Extended Update Support Unaffected: 0:1.0.0-19.el10_0 , < * (rpm)
    cpe:/o:redhat:enterprise_linux_eus:10.0
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7 Extended Lifecycle Support Unaffected: 0:0.3.2-3.el7_9.3 , < * (rpm)
    cpe:/o:redhat:rhel_els:7
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251103113748.143e9e98 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 8100020251028161822.823393f5 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 8020020251106022345.792f4060 , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Unaffected: 8040020251103205102.5b01ab7e , < * (rpm)
    cpe:/a:redhat:rhel_aus:8.4::appstream
    cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 8060020251030180424.ada582f1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.6::appstream
    cpe:/a:redhat:rhel_aus:8.6::appstream
    cpe:/a:redhat:rhel_tus:8.6::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Telecommunications Update Service Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Unaffected: 8080020251029082621.b0a6ceea , < * (rpm)
    cpe:/a:redhat:rhel_e4s:8.8::appstream
    cpe:/a:redhat:rhel_tus:8.8::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.0.0-9.el9_7 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_0.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.0::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Unaffected: 0:1.0.0-7.el9_2.1 , < * (rpm)
    cpe:/a:redhat:rhel_e4s:9.2::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support Unaffected: 0:1.0.0-7.el9_4.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.4::appstream
 Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:1.0.0-9.el9_6 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
 Create a notification for this product.
Credits
Red Hat would like to thank Arad Inbar for reporting this issue.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-12T20:48:05.033762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-12T21:05:08.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/latchset/kdcproxy",
          "defaultStatus": "unaffected",
          "packageName": "kdcproxy",
          "product": "kdcproxy",
          "vendor": "latchset",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-19.el10_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.3.2-3.el7_9.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:client",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251103113748.143e9e98",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020251028161822.823393f5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020251106022345.792f4060",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020251103205102.5b01ab7e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020251030180424.ada582f1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "idm:DL1",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020251029082621.b0a6ceea",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_7",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-7.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "python-kdcproxy",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-9.el9_6",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Arad Inbar for reporting this issue."
        }
      ],
      "datePublic": "2025-11-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where\nthe \"use_dns\" setting is explicitly set to false are not affected."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-19T14:44:01.471Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:21138",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21138"
        },
        {
          "name": "RHSA-2025:21139",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21139"
        },
        {
          "name": "RHSA-2025:21140",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21140"
        },
        {
          "name": "RHSA-2025:21141",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21141"
        },
        {
          "name": "RHSA-2025:21142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21142"
        },
        {
          "name": "RHSA-2025:21448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21448"
        },
        {
          "name": "RHSA-2025:21748",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21748"
        },
        {
          "name": "RHSA-2025:21806",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21806"
        },
        {
          "name": "RHSA-2025:21818",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21818"
        },
        {
          "name": "RHSA-2025:21819",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21819"
        },
        {
          "name": "RHSA-2025:21820",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21820"
        },
        {
          "name": "RHSA-2025:21821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:21821"
        },
        {
          "name": "RHSA-2025:22982",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:22982"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-59088"
        },
        {
          "name": "RHBZ#2393955",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393955"
        },
        {
          "url": "https://github.com/latchset/kdcproxy/pull/68"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-08T21:18:31.461000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-11-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Python-kdcproxy: unauthenticated ssrf via realm\u2011controlled dns srv",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue before a final fix can be applied, set \"use_dns\" parameter to false in the global section of the kdcproxy.conf file. This will disable the use of DNS to find Active Directory servers so it may break the service if DNS is needed."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-59088",
    "datePublished": "2025-11-12T16:35:27.877Z",
    "dateReserved": "2025-09-08T21:43:30.845Z",
    "dateUpdated": "2025-12-19T14:44:01.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}