CVE-2025-3501

EPSS 0.01%
Published 29.04.2025 20:45:29
Last modified 07.08.2025 13:15:36
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://www.keycloak.org/

≫

Package keycloak

Default Statusunaffected

Version < 25.*

Version 25.0.0

Status affected

Version < 26.0.11

Version 26.0.0

Status affected

Version < 26.1.*

Version 26.1.0

Status unknown

Version < 26.2.2

Version 26.2.0

Status affected

VendorRed Hat

≫

Product Red Hat Build of Keycloak

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26.0

Default Statusaffected

Version < *

Version 26.0.11-2

Status unaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26.0

Default Statusaffected

Version < *

Version 26.0-12

Status unaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26.0

Default Statusaffected

Version < *

Version 26.0-13

Status unaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26.2

Default Statusaffected

Version < *

Version 26.2.5-1

Status unaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26.2

Default Statusaffected

Version < *

Version 26.2-4

Status unaffected

VendorRed Hat

≫

Product Red Hat build of Keycloak 26.2

Default Statusaffected

Version < *

Version 26.2-4

Status unaffected

VendorRed Hat

≫

Product Red Hat Single Sign-On 7

Default Statusunaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.015

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

https://access.redhat.com/security/cve/CVE-2025-3501

https://bugzilla.redhat.com/show_bug.cgi?id=2358834

https://access.redhat.com/errata/RHSA-2025:4335

https://access.redhat.com/errata/RHSA-2025:4336

https://access.redhat.com/errata/RHSA-2025:8672

https://access.redhat.com/errata/RHSA-2025:8690

https://github.com/keycloak/keycloak/issues/39350

https://github.com/keycloak/keycloak/pull/39366

https://nvd.nist.gov/vuln/detail/CVE-2025-3501

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3501

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3501

EUVD