{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-24528", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-01-16T18:06:59.339Z", "dateReserved": "2025-01-23T00:00:00.000Z", "datePublished": "2026-01-16T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Kerberos 5", "vendor": "MIT", "versions": [{"lessThan": "1.22", "status": "affected", "version": "1.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-16T17:26:53.710Z"}, "references": [{"url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"}, {"url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.7", "versionEndExcluding": "1.22"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-16T17:39:31.274136Z", "id": "CVE-2025-24528", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T17:39:37.681Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00029.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-16T18:06:59.339Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00029.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-01-16T18:06:59.339Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24528", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-16T17:39:31.274136Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T17:39:34.198Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"}}], "affected": [{"vendor": "MIT", "product": "Kerberos 5", "versions": [{"status": "affected", "version": "1.7", "lessThan": "1.22", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"}, {"url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.22", "versionStartIncluding": "1.7"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-16T17:26:53.710Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24528", "state": "PUBLISHED", "dateUpdated": "2026-01-16T18:06:59.339Z", "dateReserved": "2025-01-23T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-01-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash."}], "id": "CVE-2025-24528", "lastModified": "2026-01-16T19:16:17.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-01-16T18:16:06.633", "references": [{"source": "cve@mitre.org", "url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"}, {"source": "cve@mitre.org", "url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00029.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1352", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "krb5-0:1.15.1-55.el7_9.4", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:2722", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "krb5-0:1.18.2-31.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:7067", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "krb5-0:1.21.1-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:7067", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "krb5-0:1.21.1-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:8385", "cpe": "cpe:/a:redhat:discovery:1.14::el9", "package": "registry.redhat.io/discovery/discovery-server-rhel9:sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63", "product_name": "Red Hat Discovery 1.14", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8385", "cpe": "cpe:/a:redhat:discovery:1.14::el9", "package": "registry.redhat.io/discovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644", "product_name": "Red Hat Discovery 1.14", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:12407a15fefa30bb851444d27b00e1815970ae085deca7c17537612ec9e4bff6", "product_name": "Red Hat OpenShift distributed tracing 3.5.1", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:e2375ae72ddda9e05e66972adb7bf953bfbf220dcc8b36d6eb1ab76d9e96ff5d", "product_name": "Red Hat OpenShift distributed tracing 3.5.1", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:0742729985d0b1ce925bdaaa92c2bb42272902f4c2e93038c0fcf171c7baf03f", "product_name": "Red Hat OpenShift distributed tracing 3.5.1", "release_date": "2025-03-13T00:00:00Z"}], "bugzilla": {"description": "krb5: overflow when calculating ulog block size", "id": "2342796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service."], "name": "CVE-2025-24528", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "aap-cloud-metrics-collector-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-minimal-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/ee-supported-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-25/ansible-builder-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-01-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-24528\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24528\nhttps://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.", "threat_severity": "Moderate"}