ipa-server (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package ipa-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2025-4404 — CVSS 9.1 (critical): A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the…
CVE-2025-7493 — CVSS 9.1 (critical): A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where…
CVE-2024-2698 — CVSS 8.8 (high): A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the…
CVE-2025-59088 — CVSS 8.6 (high): If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV…
CVE-2024-3183 — CVSS 8.1 (high): A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different…
CVE-2020-25719 — CVSS 7.2 (high): A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD…
CVE-2020-17049 — CVSS 6.6 (medium): A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for…
CVE-2023-5455 — CVSS 6.5 (medium): A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an…
CVE-2025-59089 — CVSS 5.9 (medium): If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit…