VulnerAlert



APPLICATION
19-12-2025 23:22

CVE-2025-10939 Documented vulnerability

No score
Description
A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to /realms, which is expected to be exposed.
https://access.redhat.com/errata/RHSA-2025:21370
https://access.redhat.com/errata/RHSA-2025:21371
https://access.redhat.com/security/cve/CVE-2025-10939
https://bugzilla.redhat.com/show_bug.cgi?id=2398025
https://github.com/keycloak/keycloak/issues/43763
https://github.com/keycloak/keycloak/pull/43765
Reference
CVE-2025-10939

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-10939
This project was co-financed by the National Council of Science and Technology (CONACYT) through PROINNOVA 2021/2023