Main Vulnerability Database SB2025071778

SB2025071778 - Privilege escalation in shadow-utils component used by BIG-IP Next SPK/CNF

Published: July 17, 2025

Security Bulletin ID SB2025071778

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-56433)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to shadow-utils establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users).

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://my.f5.com/manage/s/article/K000152313