CVE-2025-24528 — Integer Overflow or Wraparound in Kerberos 5

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write9 documents8 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 57.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Kerberos 5 MIT Krb5

Timeline

PublishedJan 16

Description

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:HExploitability: 1.8 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5mit/kerberos_51.7 — 1.22

▶Debianmit/krb5< 1.18.3-6+deb11u6+3

🔴Vulnerability Details

OSV

CVE-2025-24528: In MIT Kerberos 5 (aka krb5) before 1↗2026-01-16

▶

GHSA

GHSA-wrjh-fhfj-xhfm: In MIT Kerberos 5 (aka krb5) before 1↗2026-01-16

▶

CVEList

CVE-2025-24528: In MIT Kerberos 5 (aka krb5) before 1↗2026-01-16

▶

OSV

krb5 vulnerabilities↗2025-03-03

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2025-03-03

▶

Debian

CVE-2025-24528: krb5 - In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there i...↗2025

▶

Red Hat

krb5: overflow when calculating ulog block size↗2024-01-28

▶

🕵️Threat Intelligence

Wiz

CVE-2025-24528 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶