CVE-2025-65073

CWE-863 — Incorrect Authorization9 documents7 sources

Severity

7.5HIGH

EPSS

0.0%

top 85.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Keystone

Timeline

PublishedNov 17

Latest updateDec 11

Description

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:NExploitability: 2.2 | Impact: 4.7

Affected Packages4 packages

▶CVEListV5openstack/keystone< 26.0.1+2

▶PyPIkeystone27.0.0.0rc1 — 27.0.0+2

▶Debiankeystone< 2:18.1.0-1+deb11u2+3

▶Ubuntukeystone< 2:21.0.1-0ubuntu2.1

🔴Vulnerability Details

OSV

keystone vulnerabilities↗2025-12-11

▶

OSV

CVE-2025-65073: OpenStack Keystone before 26↗2025-11-17

▶

GHSA

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.↗2025-11-17

▶

OSV

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.↗2025-11-17

▶

CVEList

CVE-2025-65073: OpenStack Keystone before 26↗2025-11-17

▶

📋Vendor Advisories

Ubuntu

OpenStack Keystone vulnerabilities↗2025-12-11

▶

Red Hat

openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via AWS signature validation flaw↗2025-11-17

▶

Debian

CVE-2025-65073: keystone - OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /...↗2025

▶