CVE-2025-3910

CWE-287Improper AuthenticationCWE-416Use After Free6 documents6 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 77.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Build OF Keycloak
Timeline
PublishedApr 29
Latest updateApr 30

Description

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDredhat/build_of_keycloak26.026.0.11

🔴Vulnerability Details

3
GHSA
Keycloak vulnerable to two factor authentication bypass2025-04-30
OSV
Keycloak vulnerable to two factor authentication bypass2025-04-30
CVEList
Org.keycloak.authentication: two factor authentication bypass2025-04-29

📋Vendor Advisories

2
Red Hat
org.keycloak.authentication: Two factor authentication bypass2025-04-29
Microsoft
Use after free in io_uring in the Linux Kernel2022-11-08
CVE-2025-3910 (MEDIUM CVSS 5.4) | A flaw was found in Keycloak | cvebase.io