CVE-2025-54882 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau store…
High CVSS: 7.1

CVE-2025-54882

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
Vendor
Himmelblau-idm
Product
Himmelblau
CWE
CWE-522
Yayın Tarihi
2025-08-07 01:15:26
Güncelleme
2025-10-09 17:36:51
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-522 Himmelblau HIGH Himmelblau-idm 2025

Referanslar

https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22 https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0 https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83 https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83