CVE-2025-59088HIGH 8.6EPSS p31.4%

CVE-2025-59088CVE-2025-59088

Description

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.

Scoring

CVSS 3.18.6 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS0.40% probability of exploitation · percentile 31.4% · 2026-06-18T12:00:27Z
Published2025-11-12
Last modified2026-04-15

Underlying weaknesses· 1

CWE-918

References

  1. https://access.redhat.com/errata/RHSA-2025:21138
  2. https://access.redhat.com/errata/RHSA-2025:21139
  3. https://access.redhat.com/errata/RHSA-2025:21140
  4. https://access.redhat.com/errata/RHSA-2025:21141
  5. https://access.redhat.com/errata/RHSA-2025:21142
  6. https://access.redhat.com/errata/RHSA-2025:21448
  7. https://access.redhat.com/errata/RHSA-2025:21748
  8. https://access.redhat.com/errata/RHSA-2025:21806

1

TypeTargetConfidenceTier
WeaknessServer-Side Request Forgery (SSRF)cwe-9180%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-32992
CVE
CVE-2025-9293
CVE
CVE-2026-4366
CVE
CVE-2026-35563
CVE
CVE-2026-5936
CVE
CVE-2025-52692
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.