CVE-2025-65073
published 2025-11-17
high 7.5 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2:22.0.2-0+deb12u1 (bookworm) | keystone 2:22.0.2-0+deb12u1 (bookworm) |
| openstack | keystone | < 26.0.1 | 26.0.1 |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | >= 0 < 2:18.1.0-1+deb11u2 | 2:18.1.0-1+deb11u2 |
| openstack | keystone | >= 0 < 2:22.0.2-0+deb12u1 | 2:22.0.2-0+deb12u1 |
| openstack | keystone | >= 0 < 2:27.0.0-3+deb13u1 | 2:27.0.0-3+deb13u1 |
| openstack | keystone | >= 0 < 2:28.0.0-2 | 2:28.0.0-2 |
| openstack | keystone | >= 0 < 26.0.1 | 26.0.1 |
| openstack | keystone | >= 0 < 2:21.0.1-0ubuntu2.1 | 2:21.0.1-0ubuntu2.1 |
| openstack | keystone | >= 27.0.0.0rc1 < 27.0.0 | 27.0.0 |
| openstack | keystone | >= 28.0.0.0rc1 < 28.0.0 | 28.0.0 |
CVSS provenance
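| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N |
| osv | — | 7.5 | HIGH | — |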