CVE-2025-24528
krb5 - security update
7.1
HIGH
CVSS 3.1
EPSS 0.21%
Description
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
How to fix CVE-2025-24528
To remediate CVE-2025-24528, upgrade the affected package to a fixed version below.
- Debian/krb5—upgrade to 1.18.3-6+deb11u6 or later
- —upgrade to 1.18.3-6+deb11u6 or later
Is CVE-2025-24528 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.18.3-6+deb11u6
- from 0, < 1.18.3-6+deb11u6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |