CVE-2025-59088
Severity: HIGH
kdcproxy - DNS SRV Realm Server-Side Request Forgery
Title source: manual
Description
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
References (16)
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21138
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21139
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21140
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21141
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21142
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21448
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21748
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21806
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21818
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21819
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21820
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:21821
- Vendor Advisory (vendor-advisory, x_refsource_redhat): https://access.redhat.com/errata/RHSA-2025:22982
- Vendor Advisory (vdb-entry, x_refsource_redhat): https://access.redhat.com/security/cve/CVE-2025-59088
- Issue Tracking (issue-tracking, x_refsource_redhat): https://bugzilla.redhat.com/show_bug.cgi?id=2393955
- Issue Tracking: https://github.com/latchset/kdcproxy/pull/68
Scores
CVSS v3: 8.6 (Attack Vector: NETWORK)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.0008
EPSS Percentile: 22.7%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-918
Status: published
Products (19)
- latchset/kdcproxy: < 1.1.0
- Red Hat/Red Hat Enterprise Linux 10: 0:1.0.0-19.el10_1
- Red Hat/Red Hat Enterprise Linux 10.0 Extended Update Support: 0:1.0.0-19.el10_0
- Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support: 0:0.3.2-3.el7_9.3
- Red Hat/Red Hat Enterprise Linux 8: 8100020251028161822.823393f5
- Red Hat/Red Hat Enterprise Linux 8: 8100020251103113748.143e9e98
- Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support: 8020020251106022345.792f4060
- Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: 8040020251103205102.5b01ab7e
- Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: 8040020251103205102.5b01ab7e
- Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: 8060020251030180424.ada582f1
- ... and 9 more
Published: Nov 12, 2025
Tracked Since: Feb 18, 2026