CVE-2025-10043

CVSS base score: 2.7

A path traversal validation flaw exists in Keycloak's vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant of, and an incomplete fix for, CVE-2024-10492.

Linked by AI from unstructured data to existing NVD CPEs
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Red Hat
Product: Red Hat build of Keycloak 26.2
Default status: affected
Version: < *
Version: 26.2.9-1 (status: unaffected)

Vendor: Red Hat
Product: Red Hat build of Keycloak 26.2
Default status: affected
Version: < *
Version: 26.2-9 (status: unaffected)

Vendor: Red Hat
Product: Red Hat build of Keycloak 26.2
Default status: affected
Version: < *
Version: 26.2-9 (status: unaffected)

Vendor: Red Hat
Product: Red Hat build of Keycloak 26.2.9
Default status: unaffected
No CISA KEV entry or CERT.AT advisory was found for this CVE.

EPSS metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  0.04%   0.089

CVSS metrics
Source               Base Score   Exploit Score   Impact Score   Vector string
secalert@redhat.com  2.7          1.2             1.4            CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE-73: External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.