CVE Vulnerabilities

CVE-2025-24528

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but its details are not yet publicly available.

This page will reflect the classification results once they are available through NVD.

Any available vendor information is shown below.

Red Hat

krb5: overflow when calculating ulog block size

Affected Software List

| Name | Vendor | Version |
| --- | --- | --- |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | krb5-0:1.15.1-55.el7_9.4 |
| Red Hat Enterprise Linux 8 | RedHat | krb5-0:1.18.2-31.el8_10 |
| Red Hat Enterprise Linux 9 | RedHat | krb5-0:1.21.1-6.el9 |
| Red Hat Discovery 1.14 | RedHat | registry.redhat.io/discovery/discovery-server-rhel9:sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63 |
| Red Hat Discovery 1.14 | RedHat | registry.redhat.io/discovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:92613ae031dd45d85151ff1bd0703ee6bbc6842133cdc51b274769122ea40ac8 |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:ffd6b70068dd4d6bf7a835c0bbf5b934f26ff2b0f5755130dccb099340550083 |
| Red Hat OpenShift distributed tracing 3.5.1 | RedHat | registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:bf3aa3e5522cf90d82fbd34710e08448a93b88a9876c77415a1027f83a195a81 |

Ubuntu

In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

Affected Software List

| Name | Vendor | Version |
| --- | --- | --- |
| Krb5 | Ubuntu/noble | 1.20.1-6ubuntu2.5 |
| Krb5 | Ubuntu/oracular | 1.21.3-3ubuntu0.2 |
| Krb5 | Ubuntu/plucky | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/upstream | TBD |
| Krb5 | Ubuntu/devel | 1.21.3-4ubuntu2 |
| Krb5 | Ubuntu/esm-infra/bionic | TBD |
| Krb5 | Ubuntu/focal | 1.17-6ubuntu4.9 |
| Krb5 | Ubuntu/jammy | 1.19.2-2ubuntu0.6 |
| Krb5 | Ubuntu/esm-infra-legacy/trusty | TBD |
| Krb5 | Ubuntu/esm-infra/xenial | TBD |