Summaryinfo

A vulnerability was found in himmelblau up to 0.7.14/0.8.2. It has been rated as problematic. This impacts the function logon_script of the file /etc/himmelblau/himmelblau.conf. Performing a manipulation of the argument d results in log file. This vulnerability is identified as CVE-2025-24034. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability was found in himmelblau up to 0.7.14/0.8.2. It has been classified as problematic. This affects the function logon_script of the file /etc/himmelblau/himmelblau.conf. The manipulation of the argument d with an unknown input leads to a log file vulnerability. CWE is classifying the issue as CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. This is going to have an impact on confidentiality. The summary by CVE is:

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.

The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2025-24034 since 01/16/2025. The exploitability is told to be easy. An attack has to be approached locally. The exploitation needs additional levels of successful authentication. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1592 for this issue.

Upgrading to version 0.7.15 or 0.8.3 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 1216804f15ce5dc74bb5da48b5508c41d2ece8fa is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• himmelblau

Version

• 0.7.0
• 0.7.1
• 0.7.2
• 0.7.3
• 0.7.4
• 0.7.5
• 0.7.6
• 0.7.7
• 0.7.8
• 0.7.9
• 0.7.10
• 0.7.11
• 0.7.12
• 0.7.13
• 0.7.14
• 0.8.0
• 0.8.1
• 0.8.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion