CVE-2025-24034

LOW EPSS 9.4%
Published Jan 23, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
3.2 CVSS 3.1
Low

Description

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled.

Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues.

Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.
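The version ranges and workarounds above can be checked mechanically. The following is an added example, not code from the Himmelblau project: it tests whether a version falls in the affected range and lists which workaround settings are still missing. It assumes `himmelblau.conf` is INI-style with sections such as `[global]`; the sample config, the function names and the command line are constructed for illustration.

```python
import configparser
import re

# Fixed patch level per release line, from the advisory text:
# affected from 0.7.0, fixed in 0.7.15 and 0.8.3.
FIXED_PATCH = {(0, 7): 15, (0, 8): 3}

# Constructed sample; the [global] section layout is an assumption.
SAMPLE_CONF = """\
[global]
debug = true
logon_script = /usr/local/bin/compliance.sh
"""


def is_affected(version: str) -> bool:
    """True if version is in 0.7.0..0.7.14 or 0.8.0..0.8.2."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED_PATCH.get((major, minor))
    return fixed is not None and patch < fixed


def workaround_gaps(conf_text: str, daemon_argv: list[str], version: str) -> list[str]:
    """List settings that still deviate from the advisory's workarounds."""
    if not is_affected(version):
        return []
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    gaps = []
    for section in cp.sections():
        # Anything other than an explicit "false" is treated as debug enabled.
        if cp.get(section, "debug", fallback="false").strip().lower() != "false":
            gaps.append(f"[{section}] debug is not false")
        if cp.get(section, "logon_script", fallback="").strip():
            gaps.append(f"[{section}] logon_script is set")
    if "-d" in daemon_argv[1:]:
        gaps.append("himmelblaud started with -d")
    return gaps


if __name__ == "__main__":
    for gap in workaround_gaps(SAMPLE_CONF, ["himmelblaud", "-d"], "0.8.1"):
        print("GAP:", gap)
```

On a host where any gap is reported, existing debug logs may already contain access tokens or TGTs and should be handled as credential material.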

CVSS Details

Base Score
3.2
Exploitability
1.5
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Changed
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
9.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-532

References 6

  • github.com https://github.com/himmelblau-idm/himmelblau/commit/1216804f15ce5dc74bb5da48b5508c41d2ece8fa
  • github.com https://github.com/himmelblau-idm/himmelblau/releases/tag/0.7.15
  • github.com https://github.com/himmelblau-idm/himmelblau/releases/tag/0.8.3
  • github.com https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-p989-2f5w-9cf6
  • manpages.opensuse.org https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblau.conf.5.en.html
  • manpages.opensuse.org https://manpages.opensuse.org/Tumbleweed/himmelblau/himmelblaud.8.en.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.