Unrated severityNVD Advisory· Published Aug 7, 2025· Updated Aug 7, 2025

Himmelblau's Kerberos credential cache collection is world readable

CVE-2025-54882

Description

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.

Affected products

Himmelblau Idm/Himmelblauv5
Range: >= 0.8.0, < 0.9.22

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/himmelblau-idm/himmelblau/commit/b562053df3dffb1dd9ab3d09af986886773be2admitrex_refsource_MISC
github.com/himmelblau-idm/himmelblau/commit/faae58b0384aca8b21b4be5f1c507412eec3778amitrex_refsource_MISC
github.com/himmelblau-idm/himmelblau/releases/tag/0.9.22mitrex_refsource_MISC
github.com/himmelblau-idm/himmelblau/releases/tag/1.2.0mitrex_refsource_MISC
github.com/himmelblau-idm/himmelblau/security/advisories/GHSA-phfx-rjfw-wj83mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000