Vulnerability in Keycloak Authorization Package Allows Circumvention of Security Actions
CVE-2025-3910

5.4 MEDIUM

What is CVE-2025-3910?

A flaw was identified in the Keycloak authorization package that could allow users to bypass essential security requirements. The vulnerability undermines the enforcement of mandatory actions, such as the setup of two-factor authentication, potentially exposing sensitive systems and user accounts to unauthorized access. Organizations running affected versions of Keycloak should assess their security posture and apply the necessary mitigations to prevent exploitation of this issue.

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Marek Posolda (Red Hat).