CVE-2025-3910
published 2025-04-29

Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

Affected

3 ranges
Vendor   Product                                       Version range        Fixed in
msrc     cbl2_kernel_5.15.82.1-1_on_cbl_mariner_2.0
msrc     cm1_kernel_5.10.158.1-1_on_cbl_mariner_1.0
redhat   build_of_keycloak                             >= 26.0 < 26.0.11    26.0.11