Himmelblau’s Kerberos credential cache collection is world readable_CVE-2025-54882

7.1 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.

Basic Information

ID CVE-2025-54882

Source GitHub_M

Published Aug 7, 2025 at 00:02

Affected Product

Vendor himmelblau-idm

Product himmelblau

Version >= 0.8.0, < 0.9.22

Affected Versions himmelblau-idm himmelblau >= 0.8.0, < 0.9.22
himmelblau-idm himmelblau >= 1.0.0-beta, < 1.2.0

CWE Classification

CWE-522

References

{
    "lastseen": "",
    "description": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.",
    "published": "2025-08-07T00:02:09.263Z",
    "modified": "2025-08-07T00:02:09.263Z",
    "type": "cve",
    "title": "Himmelblau's Kerberos credential cache collection is world readable",
    "source": "GitHub_M",
    "references": "https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83\nhttps://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad\nhttps://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a\nhttps://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22\nhttps://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0",
    "id": "CVE-2025-54882",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "himmelblau-idm himmelblau >= 0.8.0, < 0.9.22\nhimmelblau-idm himmelblau >= 1.0.0-beta, < 1.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "himmelblau",
    "version": ">= 0.8.0, < 0.9.22",
    "vendor": "himmelblau-idm",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}