{"id":"CVE-2025-11561","summary":"Sssd: sssd default kerberos configuration allows privilege escalation on ad-joined linux systems","details":"A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.","modified":"2026-07-08T07:57:55.070085034Z","published":"2025-10-09T13:37:53.089Z","related":["ALSA-2025:19610","ALSA-2025:20954","ALSA-2025:21020","SUSE-SU-2025:21066-1","SUSE-SU-2025:21084-1","SUSE-SU-2025:4181-1","SUSE-SU-2025:4182-1","SUSE-SU-2025:4183-1","SUSE-SU-2025:4231-1","SUSE-SU-2025:4232-1","SUSE-SU-2025:4247-1","SUSE-SU-2026:20014-1","SUSE-SU-2026:20019-1","openSUSE-SU-2025:15751-1","openSUSE-SU-2026:20001-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11561.json","cwe_ids":["CWE-269"],"cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"WEB","url":"https://catalog.redhat.com/software/containers/"},{"type":"WEB","url":"https://sssd.io/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19610"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19847"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19848"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19849"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19850"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19851"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19852"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19853"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19854"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19859"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:20954"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21020"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21067"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21329"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:21795"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22256"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22265"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22277"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22529"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22548"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22724"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:23113"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0316"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:0677"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-11561"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11561.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402727"},{"type":"REPORT","url":"https://github.com/SSSD/sssd/issues/8021"},{"type":"ARTICLE","url":"https://blog.async.sg/kerberos-ldr"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sssd/sssd","events":[{"introduced":"0"},{"last_affected":"ced937c9d3818567c59f624379e61be0004edf2f"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.11.1"}]}}],"versions":["2.11.1","2.11.0","2.10.0","2.10.0-beta2","2.10.0-beta1","2.9.0","2.8.0","2.7.0","2.6.3","2.6.2","2.6.1","2.6.0","2.5.2","2.5.1","2.5.0","2.4.2","2.4.1","sssd-2_4_0","sssd-2_3_1","sssd-2_3_0","sssd-2_2_3","sssd-2_2_2","sssd-2_2_1","sssd-2_2_0","sssd-2_1_0","sssd-1_16_3","sssd-1_16_2","sssd-1_16_1","sssd-1_16_0","sssd-1_15_3","sssd-1_15_2","sssd-1_15_1","sssd-1_15_0","sssd-1_14_2","sssd-1_14_1","sssd-1_14_0","sssd-1_14_0_beta1","sssd-1_13_91","sssd-1_14_0_alpha1","sssd-1_13_90","sssd-1_13_1","sssd-1_13_0","sssd-1_13_0_alpha","sssd-1_12_90","sssd-1_12_3","sssd-1_12_2","sssd-1_12_1","sssd-1_12_0","sssd-1_12_0_beta2","sssd-1_11_91","sssd-1_12_0_beta1","sssd-1_11_90","sssd-1_11_0","sssd-1_11_0_beta2","sssd-1_10_92","sssd-1_11_0_beta1","sssd-1_10_90","sssd-1_10_0","sssd-1_9_94","sssd-1_9_93","sssd-1_10_beta2","sssd-1_9_92","sssd-1_10_beta1","sssd-1_9_91","sssd-1_10_alpha1","sssd-1_9_2","sssd-1_9_1","sssd-1_9_0","sssd-1_9_0_rc1","sssd-1_8_98","sssd-1_9_0_beta7","sssd-1_8_97","sssd-1_9_0_beta6","sssd-1_8_96","sssd-1_9_0_beta5","sssd-1_8_95","sssd-1_9_0_beta4","sssd-1_8_94","sssd-1_9_0_beta3","sssd-1_8_93","sssd-1_9_0_beta2","sssd-1_8_92","sssd-1_9_0_beta1","sssd-1_8_91","sssd-1_6_0","sssd-1_5_1","sssd-1_5_0","sssd-1_4_0","sssd-1_3_0","sssd-1_2_91","sssd-1_0_99","sssd-0_99_0","sssd-0_7_0","sssd-0_6_0","sssd-0_5_0","sssd-0_4_1","sssd-0_4_0","sssd-0_3_3","sssd-0_3_2","sssd-0_3_1","sssd-0_2_1","sssd-0_2_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11561.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}