VDB
CVE-2025-10939
CVE-2025-10939
PUBLISHED
CVSS 3.700000047683716 LOW
Keycloak unable to restrict access to the admin console
EPSS 0.01% · 2.8th percentile
Risk Scores
CVSS v3.1
3.700000047683716
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.01%
2.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.4.4 | |
| Keycloak | keycloak | 0 |
| Maven | org.keycloak:keycloak-quarkus-server | 0 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.4-1 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-3 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-3 |
Timeline
- Sep 25, 2025 CVE ID Reserved
- Oct 28, 2025 EPSS Score
- Oct 28, 2025 Coalition ESS Score
- Oct 28, 2025 CVE Published
- Oct 28, 2025 PoC Published
- Oct 30, 2025 Coalition ESS Score
- Nov 3, 2025 EPSS Score
- Nov 4, 2025 Coalition ESS Score
- Nov 8, 2025 EPSS Score
- Nov 14, 2025 EPSS Score
- Nov 14, 2025 Coalition ESS Score
- Nov 16, 2025 Coalition ESS Score
References
- RHSA-2025:21370 vendor-advisory
- RHSA-2025:21371 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-10939 vdb
- RHBZ#2398025 issue
- https://github.com/keycloak/keycloak/issues/43763 url
- https://github.com/keycloak/keycloak/pull/43765 url
- https://github.com/keycloak/keycloak/security/advisories/GHSA-vjr8-56p3-fmqq url
- https://nvd.nist.gov/vuln/detail/CVE-2025-10939 advisory
- https://github.com/keycloak/keycloak package