An improper authorization configuration vulnerability exists in the System Security Services Daemon (SSSD) when it is integrated with Microsoft Active Directory. The flaw arises because the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is not enabled by default, which allows Kerberos principals to be mapped incorrectly to local users. An attacker who can modify Active Directory attributes (userPrincipalName or samAccountName) can impersonate privileged accounts such as root or Administrator. This can lead to privilege escalation on domain-joined Linux systems that use GSSAPI or password-based authentication.
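One way to audit a host for the condition described above, as an added example that is not code from SSSD or from Red Hat: it reads a krb5.conf, follows its include and includedir directives, and reports whether a localauth module entry under [plugins] names sssd_krb5_localauth_plugin. The default path /etc/krb5.conf, the MIT krb5 includedir file-name rule, and the simplified parser (opening brace on the same line as `localauth =`) are assumptions of this sketch.

```python
import os
import re

PLUGIN = "sssd_krb5_localauth_plugin"  # plugin name as given in the advisory
# Assumption: MIT krb5 includedir rule (plain names, or *.conf not starting with ".")
NAME_OK = re.compile(r"^(?:[A-Za-z0-9_-]+|[^.].*\.conf)$")

def config_lines(path, seen=None):
    """Yield stripped lines of a krb5.conf, following include/includedir."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen or not os.path.isfile(real):
        return
    seen.add(real)
    with open(real, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            word, arg = (line.split(None, 1) + ["", ""])[:2]
            if word == "include" and arg:
                yield from config_lines(arg, seen)
            elif word == "includedir" and os.path.isdir(arg):
                for name in sorted(os.listdir(arg)):
                    if NAME_OK.match(name):
                        yield from config_lines(os.path.join(arg, name), seen)
            else:
                yield line

def localauth_modules(path):
    """Return every `module = ...` value found under [plugins] -> localauth."""
    section, in_localauth, modules = None, False, []
    for line in config_lines(path):
        if not line or line[0] in "#;":
            continue  # skip blanks and comments
        header = re.match(r"^\[(\w+)\]$", line)
        if header:
            section, in_localauth = header.group(1), False
        elif section == "plugins" and re.match(r"^localauth\s*=\s*\{$", line):
            in_localauth = True
        elif line.startswith("}"):
            in_localauth = False
        elif in_localauth:
            value = re.match(r"^module\s*=\s*(\S+)", line)
            if value:
                modules.append(value.group(1))
    return modules

def sssd_localauth_enabled(path="/etc/krb5.conf"):
    """True when a localauth module entry names the SSSD plugin."""
    return any(PLUGIN in m for m in localauth_modules(path))
```

Calling `sssd_localauth_enabled()` on a domain-joined host returns False when no effective krb5 configuration file registers the plugin, which is the default state the description refers to.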
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:19610: https://access.redhat.com/errata/RHSA-2025:19610
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support. Via RHSA-2025:19847: https://access.redhat.com/errata/RHSA-2025:19847
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2025:19850: https://access.redhat.com/errata/RHSA-2025:19850
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Via RHSA-2025:19848: https://access.redhat.com/errata/RHSA-2025:19848
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Via RHSA-2025:19853: https://access.redhat.com/errata/RHSA-2025:19853
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Via RHSA-2025:19854: https://access.redhat.com/errata/RHSA-2025:19854
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Via RHSA-2025:19849: https://access.redhat.com/errata/RHSA-2025:19849
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2025:19859: https://access.redhat.com/errata/RHSA-2025:19859
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:19852: https://access.redhat.com/errata/RHSA-2025:19852
This issue has been addressed in the following products: Red Hat Enterprise Linux 10. Via RHSA-2025:19851: https://access.redhat.com/errata/RHSA-2025:19851
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:20954: https://access.redhat.com/errata/RHSA-2025:20954
This issue has been addressed in the following products: Red Hat Enterprise Linux 10. Via RHSA-2025:21020: https://access.redhat.com/errata/RHSA-2025:21020
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support. Via RHSA-2025:21067: https://access.redhat.com/errata/RHSA-2025:21067
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14. Via RHSA-2025:21329: https://access.redhat.com/errata/RHSA-2025:21329
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18. Via RHSA-2025:21795: https://access.redhat.com/errata/RHSA-2025:21795
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.20. Via RHSA-2025:22256: https://access.redhat.com/errata/RHSA-2025:22256
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17. Via RHSA-2025:22265: https://access.redhat.com/errata/RHSA-2025:22265
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19. Via RHSA-2025:22277: https://access.redhat.com/errata/RHSA-2025:22277