CVE-2025-10043 — Vulnetix

CVE-2025-10043 PUBLISHED

A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant/incomplete fix of CVE-2024-10492.

EPSS 0.04% · 10.9th percentile

Risk Scores

EPSS Score

0.04%

10.9th percentile

Timeline

Sep 5, 2025 CVE ID Reserved
Sep 6, 2025 EPSS Score
Sep 7, 2025 EPSS Score
Sep 8, 2025 EPSS Score
Sep 9, 2025 EPSS Score
Sep 10, 2025 EPSS Score
Sep 12, 2025 EPSS Score
Sep 13, 2025 EPSS Score
Sep 14, 2025 EPSS Score
Sep 15, 2025 EPSS Score
Sep 16, 2025 EPSS Score
Sep 17, 2025 EPSS Score

References

https://nvd.nist.gov/vuln/detail/CVE-2025-10043 advisory
https://access.redhat.com/errata/RHSA-2025:16399 url
https://access.redhat.com/errata/RHSA-2025:16400 url
https://access.redhat.com/security/cve/CVE-2025-10043 url
https://bugzilla.redhat.com/show_bug.cgi?id=2393549 url

Open in Interactive Console →