1. CVE-2025-49012 Basic Information
Vulnerability information
# Himmelblau's name-based group matching in pam_allow_groups leads to a potential security bypass

Vulnerability title
Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API—even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Source: U.S. National Vulnerability Database (NVD)
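The mitigation in the description above (only object IDs in `pam_allow_groups`, plus an audit for duplicate display names), as an added example that is not part of the advisory or the Himmelblau project. Assumptions: the group list has the `id`/`displayName` shape that Microsoft Graph returns for groups, `pam_allow_groups` is a comma-separated `key = value` line, and every sample value is constructed.

```python
import re
from collections import defaultdict

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")

# Constructed sample: shape of the "value" array from Microsoft Graph
# GET /groups?$select=id,displayName (the IDs are made up).
SAMPLE_GROUPS = [
    {"id": "11111111-1111-4111-8111-111111111111", "displayName": "Allow-Linux-Login"},
    {"id": "22222222-2222-4222-8222-222222222222", "displayName": "Allow-Linux-Login"},
    {"id": "33333333-3333-4333-8333-333333333333", "displayName": "Linux-Sudoers"},
]
# Constructed config text; the key = comma-separated-list layout is an assumption.
SAMPLE_CONF = """[global]
pam_allow_groups = Allow-Linux-Login, 33333333-3333-4333-8333-333333333333, Ops-Team
"""

def parse_allow_groups(conf_text):
    """Return the entries of the pam_allow_groups line, or [] if it is absent."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue  # skip comment lines
        key, sep, value = line.partition("=")
        if sep and key.strip() == "pam_allow_groups":
            return [e.strip() for e in value.split(",") if e.strip()]
    return []

def duplicate_display_names(groups):
    """Map each display name used by more than one group to its object IDs."""
    by_name = defaultdict(list)
    for g in groups:
        # Case-folded comparison is a deliberately conservative audit choice.
        by_name[g["displayName"].casefold()].append(g["id"])
    return {name: ids for name, ids in by_name.items() if len(ids) > 1}

def audit(conf_text, groups):
    """Flag every pam_allow_groups entry that is a name instead of an object ID."""
    dups = duplicate_display_names(groups)
    findings = []
    for entry in parse_allow_groups(conf_text):
        if GUID_RE.match(entry):
            continue  # object IDs are immutable and unique: nothing to flag
        ids = dups.get(entry.casefold(), [])
        # AMBIGUOUS: the name already resolves to several groups in the tenant.
        findings.append((entry, "AMBIGUOUS" if ids else "NAME", ids))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_GROUPS):
        print(finding)
```

An entry reported as `NAME` is not yet duplicated in the tenant but should still be replaced with the group's object ID, since a same-named group can be created later.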
CVSS information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
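Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
Improper authentication
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Himmelblau authorization issue vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Himmelblau is an open-source Azure Entra ID authentication module from Himmelblau. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha contain an authorization issue vulnerability that stems from improper group name matching and may lead to privilege escalation.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information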
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
Authorization issue
Source: China National Vulnerability Database of Information Security (CNNVD)
2. Public PoCs for CVE-2025-49012
# PoC description Source link
3. Intelligence on CVE-2025-49012
  • Title: Security Concern Regarding Group-Based Access Control in Himmelblau Client · Issue #554 · himmelblau-idm/himmelblau

    Tags: x_refsource_MISC

  • Title: Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass · Advisory · himmelblau-idm/himmelblau · GitHub

    Tags: x_refsource_CONFIRM

  • Title: Merge commit from fork · himmelblau-idm/himmelblau@918577f · GitHub

    Tags: x_refsource_MISC

  • Title: Azure AD B2C creates groups with the same name using the Graph API - Microsoft Q&A

    Tags: x_refsource_MISC

  • https://nvd.nist.gov/vuln/detail/CVE-2025-49012