exploitDog
GHSA-vjr8-56p3-fmqq

Published: 02 Dec 2025
Source: github
GitHub: reviewed
CVSS3: 3.7

Description

Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation sits behind a proxy. The issue occurs at least via HAProxy, which can be tricked, through relative or non-normalized paths, into reaching the /admin application path relative to /realms, the path that is expected to be exposed.

Packages

Name: org.keycloak:keycloak-quarkus-server (maven)
Affected versions: < 26.4.4
Fixed version: 26.4.4

EPSS: 0.00016 (percentile 3%, Low)

CVSS3: 3.7 Low

Weaknesses: CWE-427

Related vulnerabilities

CVSS3: 3.7
nvd
3 months ago


CVSS3: 3.7
debian
3 months ago

A flaw was found in Keycloak. The Keycloak guides recommend to not exp ...
