Authentication Vulnerability in PingFederate's HTML Form Adapter
CVE-2025-26862

NONE

Key Information:

Vendor: Ping Identity
Status: Pingfederate
Vendor: CVE Published:; 27 October 2025

🔔 Create Ping Identity Vulnerability Alert

What is CVE-2025-26862?

A security flaw in PingFederate's HTML Form Adapter enables unexpected rendering of authentication forms in redirectless mode. This issue can potentially be exploited, allowing attackers to conduct brute force login attempts. Organizations utilizing affected versions of PingFederate should take immediate action to review their implementations and mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PingFederate 11.3.0 < 11.3.14

PingFederate 12.0.0 < 12.0.10

PingFederate 12.1.0 < 12.1.9

References

https://support.pingidentity.com/s/article/PingFederate-u...

https://www.pingidentity.com/en/resources/downloads/pingf...

CVSS V4

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Ping Identity

What is CVE-2025-26862?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.