Authentication Bypass Vulnerability in Keycloak by Red Hat
CVE-2025-12150

3.1LOW

Key Information:

Vendor

Keycloak

Status
Keycloak
Red Hat Build Of Keycloak 26.2
Red Hat Build Of Keycloak 26.2.11
Red Hat Build Of Keycloak 26.4
Vendor
CVE Published:
27 February 2026

What is CVE-2025-12150?

A flaw exists in Keycloak’s WebAuthn registration component that permits an attacker to circumvent the attestation policy. This issue arises when an attacker submits an attestation object with a format of 'none', allowing for the registration of untrusted or fraudulent authenticators, even when the realm requires direct attestation. This vulnerability compromises the integrity of authentication mechanisms and facilitates unauthorized registration of authenticators.

Affected Version(s)

keycloak 0 < 26.4.4

Red Hat build of Keycloak 26.2 26.2.11-1

Red Hat build of Keycloak 26.2 26.2-12

References

https://access.redhat.com/errata/RHSA-2025:21370
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:21371
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:22088
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue.
.