VDB

CISA-2025-3501

CISA-2025-3501 PUBLISHED CVSS 8.2 HIGH

Reported by redhat · Published April 29, 2025

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Risk Scores

CVSS 3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products

VendorProductVersions
25.0.0, 26.0.0, 26.1.0
Red HatRed Hat Build of Keycloak
Red HatRed Hat build of Keycloak 26
Red HatRed Hat build of Keycloak 26.026.0.11-2
Red HatRed Hat build of Keycloak 26.026.0-12
Red HatRed Hat build of Keycloak 26.026.0-13
Red HatRed Hat build of Keycloak 26.226.2.5-1
Red HatRed Hat build of Keycloak 26.226.2-4
Red HatRed Hat build of Keycloak 26.226.2-4
Red HatRed Hat Single Sign-On 7
25.0.0, 26.0.0, 26.1.0
Red HatRed Hat build of Keycloak 26.226.2-4, 26.2-4
Red HatRed Hat build of Keycloak 26.226.2.5-1, 26.2.5-1
Red HatRed Hat build of Keycloak 26.226.2-4, 26.2-4
Red HatRed Hat Build of Keycloak
Red HatRed Hat build of Keycloak 26.026.0-13, 26.0-13
Red HatRed Hat build of Keycloak 26.026.0-12, 26.0-12
Red HatRed Hat Single Sign-On 7
Red HatRed Hat build of Keycloak 26.026.0.11-2, 26.0.11-2
Red HatRed Hat build of Keycloak 26

Timeline

  • Apr 29, 2025 CVE Published
  • Nov 20, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›