VDB
CISA-2025-3501
CISA-2025-3501
PUBLISHED
CVSS 8.2 HIGH
Reported by redhat · Published April 29, 2025
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
Risk Scores
CVSS 3.1
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 25.0.0, 26.0.0, 26.1.0 | ||
| Red Hat | Red Hat Build of Keycloak | |
| Red Hat | Red Hat build of Keycloak 26 | |
| Red Hat | Red Hat build of Keycloak 26.0 | 26.0.11-2 |
| Red Hat | Red Hat build of Keycloak 26.0 | 26.0-12 |
| Red Hat | Red Hat build of Keycloak 26.0 | 26.0-13 |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2.5-1 |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-4 |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-4 |
| Red Hat | Red Hat Single Sign-On 7 | |
| 25.0.0, 26.0.0, 26.1.0 | ||
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-4, 26.2-4 |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2.5-1, 26.2.5-1 |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-4, 26.2-4 |
| Red Hat | Red Hat Build of Keycloak | |
| Red Hat | Red Hat build of Keycloak 26.0 | 26.0-13, 26.0-13 |
| Red Hat | Red Hat build of Keycloak 26.0 | 26.0-12, 26.0-12 |
| Red Hat | Red Hat Single Sign-On 7 | |
| Red Hat | Red Hat build of Keycloak 26.0 | 26.0.11-2, 26.0.11-2 |
| Red Hat | Red Hat build of Keycloak 26 |
Timeline
- Apr 29, 2025 CVE Published
- Nov 20, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:8672 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:8690 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2358834 issue-trackingx_refsource_REDHAT