CVE-2025-54882
Severity CVSS v4.0:
Pending analysis
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
07/08/2025
Last modified:
09/10/2025
Description
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:himmelblau-idm:himmelblau:*:*:*:*:*:*:*:* | 0.8.0 (including) | 0.9.22 (excluding) |
| cpe:2.3:a:himmelblau-idm:himmelblau:*:*:*:*:*:*:*:* | 1.0.0 (including) | 1.2.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2ad
- https://github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778a
- https://github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22
- https://github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0
- https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83
- https://github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83