Red Hat Product Errata RHSA-2025:17648 - Security Advisory
Issued:
2025-10-09
Updated:
2025-10-09

RHSA-2025:17648 - Security Advisory

Synopsis

Important: idm:DL1 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

  • BZ - 2389448 - CVE-2025-7493 FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
bind-dyndb-ldap-11.2-3.module+el8.2.0+21753+7109ce90.3.src.rpm SHA-256: ef6c9b71d85b77d3f2407ab6ed68e29189708e6c705d5e8de4a002e6c58a0bfc
custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm SHA-256: b6100bdac9432491fa4251dd7d842fdd781e144a5e8218dfe4fc2c7b7c82e395
ipa-4.8.4-14.module+el8.2.0+23544+91c528c8.10.src.rpm SHA-256: 7ba72ef75622f6c67cfcd04960aa51c50ea50b2925317ba89524402e13a38910
ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f.src.rpm SHA-256: 89f0b271c38debacd9e806496fa9a353e8052413b78856b15b4aa1d0782f6da9
ipa-idoverride-memberof-0.0.4-6.module+el8.1.0+4098+f286395e.src.rpm SHA-256: 5886821428f563f2d337678d75a64dec040f37f1611ecbc1203ef42cd6379dc6
opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.src.rpm SHA-256: e045eb69fb90d38ade7c30a3391de3d455e728c8f27a4e95674993c0ddd2d0eb
python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm SHA-256: bb16a237e70d1ca926e78e44749af20a2a638021634a6577a2975acde7f18b17
python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm SHA-256: 9f115ba78e802faaad70ed34c4993fe93800eaf7fe99ec7ccb1ca4455d7b3b85
python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm SHA-256: 2bfceb8a4bbb850a9aefc6c4f3ae41aa5ceafd5332de472e7bba7355de784285
python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm SHA-256: 0260dd85e9c42230410a89062e79eb26bea8cd2b9609564d8f880328368ab597
pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm SHA-256: ff485d9fb55ced1abc92c78709333b4be6b1b94ac4fd5a0c18385571384511a5
slapi-nis-0.56.3-3.module+el8.2.0+10782+8facb0b2.src.rpm SHA-256: cc391aac31b9ad46a20a89e2240c020151cdbee894f961fecf1dcddf419017cb
softhsm-2.4.0-4.module+el8.2.0+5779+a38c524f.src.rpm SHA-256: 58569bd888c6adae41239ee0a0c5b379d4654b03a436dc80b2f893e67f42835f
ipa-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.src.rpm SHA-256: bf77bf806b2db5ac8f65f8f1ef61597360158c706f2991d8beae083608676561
ipa-healthcheck-0.4-4.module+el8.2.0+5496+53199ee7.src.rpm SHA-256: 267276508adaaa58dffebf147a0f7e2679fe1a1de8b837b8f00baa0be3357438
python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: d6c8668b633458beb143b1d3caf37c0c12739898645147b534a2b8d42f60adf7
python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: 09bfe13452ed43252f7f8145ff00567d4d0b4afab9d53c0aee653b4062d0f575
python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: 7af6d10402c3398ee50b632743716aefacfeb6eb565a61f5555e3333a2f1d1db
pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: 21be100ceaf3121d69ee92097405c55597957a05f954570f41ade89e4ceabfc9
x86_64
bind-dyndb-ldap-11.2-3.module+el8.2.0+21753+7109ce90.3.x86_64.rpm SHA-256: 7e8c92f0e0f35c31e7d54f305301e4293318687c9cdd53b5c8270ba49fc1dc99
bind-dyndb-ldap-debuginfo-11.2-3.module+el8.2.0+21753+7109ce90.3.x86_64.rpm SHA-256: f1867d119f8a773193ee6db57466469162d2987a4ab60dc3f98fc427a6fdc756
bind-dyndb-ldap-debugsource-11.2-3.module+el8.2.0+21753+7109ce90.3.x86_64.rpm SHA-256: e7b2db5428fe8e360b53847fd356daab4c476c14d1dbf19e7297a80403d8707b
custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 0e4a6b39176aec62a46d78dc25190c73e74a13a9cab03c6fb3a01c87a50985c1
ipa-client-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 1afe16c2039a2535a1694eac8649766b61b8cbb2a85528c043cc5d3843cdf8d5
ipa-client-common-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: 450d86edd799efa79b2dae5b003ce3d298f535fd048f68dc1d8d392ac176edae
ipa-client-debuginfo-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: b8a8bd6d113bc5e982493dda1d5c37af2396acbb34715888a4556d55c52ff288
ipa-client-samba-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 1eb76be81ae313ec7c83a8c071ba95d1bd02f63aacdaff8db919f816bc34c3ab
ipa-common-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: 7a96ac6bd01775b2ebdbe8df26435cc8fc0b7310258a75cd95c31c556e4c375e
ipa-debuginfo-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 6d8f0f24182bcf88aa4bb0cc9d32d59d2a86a4250b73188a1791778eb1201f69
ipa-debugsource-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 172d3460f0077823de723462a30634b4399d87dd8b7b9d90b30ad71ec76c384a
ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f.noarch.rpm SHA-256: e32a9cd21fe502359ead7cc02b18f1a7cd343d64bb6849f8993b6232d8e4e11a
ipa-healthcheck-core-0.4-4.module+el8.2.0+5489+95477d9f.noarch.rpm SHA-256: f70d8feab6aff70adf93da9ca66543ecba4cb4d205c2feb90f603661a3eff1f9
ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: b7ffef204b68de5a12d757d50d1c081bbd3d49781dfe9e0398187dc117ca97a9
ipa-python-compat-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: a2b01c5855292aba32ba6babbf76574dbf45c6d2effadbd9ecca211dfb7b3ce2
ipa-server-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 731d9fd7d82652dbc9d22bc7abf0e385ecf1b3c9f7b6027786b10f78efb6790b
ipa-server-common-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: c039cc4005d16fcb5f4aba9e3c9a877eeaacbe936f950e4dc21654096d34d190
ipa-server-debuginfo-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 78e4ff18bd9e40b272913136a52bc13a219a9b1fa507dd582d24d8b14bb9262a
ipa-server-dns-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: 5029812401a1fee86beffb6ac77b48461b381667dd32c19d6704d83abe9c410d
ipa-server-trust-ad-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 7d2e96a122cd337f2e426524f031943af241671e46ff44015cd6dd071615960a
ipa-server-trust-ad-debuginfo-4.8.4-14.module+el8.2.0+23544+91c528c8.10.x86_64.rpm SHA-256: 09bc19ba4504748874b84ef6b0265e491f30f3d466f4bcc24c6fa50889f40f6b
opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: 28c73e253d4c445f617f5c6b6d40980b427da749765315dbda1563efab11b309
opendnssec-debuginfo-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: c45a46373074e055a6511e2ebe3b6c0defa7d6c39f31a1aaefb2e69e196f99f0
opendnssec-debugsource-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: 0a6afbdbd46d7ba2070375fd2afb7a3d826c9c63e16f61e3b0adaf681d2c8040
python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 2fbace8f9985587a09e887a249b2c30d5a7b13be0af41d9992b8fb33b74856cf
python3-ipaclient-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: 473e646a0cef37d9a68e72716b9575e6e74d1371c4ee0660285765d74f3792b0
python3-ipalib-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: d8993acc24f310191f8ef43cd391ab49af3af2bda0cace193abd2cccef941e4c
python3-ipaserver-4.8.4-14.module+el8.2.0+23544+91c528c8.10.noarch.rpm SHA-256: 7115805b4dc765318b2596305fa34e5ce3b8269c3b09a37490cefaabf23a6904
python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 6eb7e382f990ab745a4329bf863fdbca79c081744846e60d3c2a095dd513cf39
python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm SHA-256: 4b3636274d0f8dcc626a2cd94e867ce82283cf4b4d7cb3fb877941fbd02556d7
python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: f55b57ab9e903c42846aafd7c836d00f8a1badd1a6077cf8f2434c915cd10e16
python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 6405e36fd8855d158dd2423986e2efc96f6da2add80b2feb225252df19ccc205
python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 1c0da67aa395b5bddd167b655713c711e6768f21e7d76c5c9c1533b6b2ac299e
python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 312f69eeaf58f3b78d691bcc3c381a57a294f2e2e783013935c1111f528e0aaf
slapi-nis-0.56.3-3.module+el8.2.0+10782+8facb0b2.x86_64.rpm SHA-256: 4975dcb06166c26db16f28b3dfa1bcc18165bb10c2d8f07fcb1647798b6099f2
slapi-nis-debuginfo-0.56.3-3.module+el8.2.0+10782+8facb0b2.x86_64.rpm SHA-256: 0ad3ba295bc42fc9e715acad896d8332c3d01fa824fb1a103e9f653350a31879
slapi-nis-debugsource-0.56.3-3.module+el8.2.0+10782+8facb0b2.x86_64.rpm SHA-256: 0799e263c140d29176cbdd85a2c341ca3cef6fa1284e9d87fdce3948a506149a
softhsm-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: 3a11f010c185650003a3753461e8eb80a7538741e33221a469b5bb6ff6a5e8c9
softhsm-debuginfo-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: d9156e94eac4324b32c0d980280595bc419670e7ee00f3c3ef555cf8fddd1521
softhsm-debugsource-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: fe0df40e440970b54f8fe47eea828a8cfb384cbf18a5067304f84c235e1544f8
softhsm-devel-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: 8a4aff3af635ce962452d0be7f5c371a3da3ae670f0651de03e0e0dc203caa58
ipa-client-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.x86_64.rpm SHA-256: 964ab0b41553c11c58255bfcb1ccaf91896946e5f08685f2a7a338e1732d295c
ipa-client-common-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.noarch.rpm SHA-256: eed3d228ee192654960767c21b96ecbc896d2bf3aaedb71dfc10a461aeb82ab2
ipa-client-debuginfo-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.x86_64.rpm SHA-256: 6e40641f5d6511e9fb2cef641d8541181eb14b3b4d7203417dd9287d48642eb6
ipa-client-samba-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.x86_64.rpm SHA-256: f5bdccb4cd3229f2d1f157a2348338f26aabc5acd4acc59a3125e59b1e31902e
ipa-common-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.noarch.rpm SHA-256: ecc04ce55b560764204d1753304cbc6c1dc300b73988dd24355f0555fcb35f52
ipa-debuginfo-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.x86_64.rpm SHA-256: c5ad72e538db1a8d5bef8a5932bbd740005857648556214c5c40e1409189c145
ipa-debugsource-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.x86_64.rpm SHA-256: 06112c58c4d9f333a81abb1af3008e5cbb3c9138cbd62375917945d832b99c78
ipa-healthcheck-core-0.4-4.module+el8.2.0+5496+53199ee7.noarch.rpm SHA-256: 647f6d2c11e42db795a09c53d01ebe85da46564d91eb3ef5d26ed742061ab59e
ipa-python-compat-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.noarch.rpm SHA-256: 82faf0bd746b3a8de3c5addeb9ad99281f47e97ee9c808f882d90002a344c08c
python3-ipaclient-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.noarch.rpm SHA-256: ef3a899c97f3c895424801679566a2c88fd6c8cdb325b96624734abe0ba58ea4
python3-ipalib-4.8.4-14.module+el8.2.0+23545+ad5241a1.10.noarch.rpm SHA-256: 49ec62d45341046434eb49466e608eeed4a7d45230ac74cc6182ff1b87cd7dd8
python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 8d803be7455a18c9905fd02dfd6c3e2218fe5c1b1353cf9913d186242ffb0f3a
python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 6ff9292dc2cb4bb68316c41ff47410ffde0f716e917a782c4b26ea8b92a46cb8
python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 0a1c17a0cd49cccff754e8e648a0a7328b8cac0dac0c49db09d537c36b2c4012
python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 00765719f0ae1a8b21d28a87542a627d1d98d7420c2506850adc99e16ddaf709
python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: ed59d3c8ee0a4bfde5550547bee128a96c3d06b4eb1b2c78d2d9ee408809c23c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.