CVE-2025-3910

Published: Apr 29, 2025Modified: Aug 18, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

Affected (1)

Products: Redhat: Build Of Keycloak

Redhat

1 product

Build Of Keycloak

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Build Of Keycloak	From 26.0 to 26.0.11

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (5)

https://access.redhat.com/errata/RHSA-2025:4335

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2025:4336

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2025-3910

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2361923

Source: secalert@redhat.com

Vendor Advisory

https://github.com/keycloak/keycloak/issues/39349

Source: secalert@redhat.com

Issue Tracking

Timeline

No history available yet.