6 matches found
Keycloak Admin Path Traversal Vulnerability (CVE-2025-10939)
The version of Keycloak installed on the remote host is affected by a path traversal vulnerability. A flaw was found in Keycloak where the /admin path can be accessed using relative/non-normalized paths e.g., /realms/../admin/, bypassing proxy restrictions recommended in the Keycloak guides. This...
CVE-2025-10939
creationtimestamp | type | source
---|---|---
2025-10-28 06:51:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4adt2ksa62u...
de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=4.1.0-26.0 <=5.4.3-26.2), net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9) +21 more potentially affected by CVE-2025-10939 via org.keycloak:keycloak-quarkus-server (>=26.0.0 <=26.3.5)
org.keycloak:keycloak-quarkus-server MAVEN version =26.0.0, =4.1.0-26.0, =8.1, =26.3.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26...
CVE-2025-10939 Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console
A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is behind a proxy. The issue occurs at least via HAProxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...
CVE-2025-10939
Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including the GHSA entry and the Nessus plugin...
CVE-2025-10939
A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is behind a proxy. The issue occurs at least via HAProxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...
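The bypass the entries above describe, a proxy deny rule that matches the literal /admin prefix and is defeated by a request target such as /realms/../admin/, modelled as an added example. This is not code from Keycloak, HAProxy, Nessus or any of the sources listed; the sample request targets, the host name and all helper names are constructed for the illustration. It puts a naive raw-path ACL beside the same rule evaluated after RFC 3986 path normalization, so you can see which targets slip past the first and are caught by the second.

```python
"""Model of the CVE-2025-10939 bypass: a deny rule that matches the raw request
path against /admin, beside the same rule applied after the path is normalized.

Added illustration for this page; not Keycloak, HAProxy or Nessus code.
Sample paths below are constructed for the example."""
import re
import string

UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
PERCENT = re.compile(r"%([0-9A-Fa-f]{2})")


def decode_unreserved(path: str) -> str:
    """Decode %XX escapes only where the byte is an RFC 3986 unreserved
    character, so %2e%2e becomes .. but %2f stays encoded and cannot
    create a new path segment."""
    def repl(m):
        ch = chr(int(m.group(1), 16))
        return ch if ch in UNRESERVED else m.group(0)
    return PERCENT.sub(repl, path)


def remove_dot_segments(path: str) -> str:
    """RFC 3986 section 5.2.4 for an absolute path: resolve . and ..,
    keeping a trailing slash when the last segment is a dot segment."""
    segments = path.split("/")[1:]   # drop the empty segment before the leading /
    out = []
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg == ".":
            if last:
                out.append("")
        elif seg == "..":
            if out:
                out.pop()
            if last:
                out.append("")
        else:
            out.append(seg)
    return "/" + "/".join(out)


def normalize_path(request_target: str) -> str:
    """Path part of a request target, normalized the way a proxy must see it
    before any /admin ACL is evaluated: query stripped, unreserved percent
    escapes decoded, duplicate slashes merged, dot segments removed."""
    path = request_target.split("?", 1)[0]
    path = decode_unreserved(path)
    path = re.sub(r"/{2,}", "/", path)
    return remove_dot_segments(path)


def is_admin_path(path: str) -> bool:
    return path == "/admin" or path.startswith("/admin/")


def naive_acl_blocks(request_target: str) -> bool:
    """Deny rule evaluated on the raw request target (the bypassable pattern)."""
    return is_admin_path(request_target)


def hardened_acl_blocks(request_target: str) -> bool:
    """Same deny rule evaluated on the normalized path."""
    return is_admin_path(normalize_path(request_target))


def bypasses(request_target: str) -> bool:
    """True when the target reaches /admin despite the naive rule."""
    return hardened_acl_blocks(request_target) and not naive_acl_blocks(request_target)


def raw_request(host: str, request_target: str) -> bytes:
    """HTTP/1.1 request bytes with the target sent verbatim. Clients such as
    curl resolve .. themselves before sending unless told not to
    (curl: --path-as-is), so a probe needs the raw bytes."""
    return (f"GET {request_target} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


if __name__ == "__main__":
    # constructed sample targets; the host name is hypothetical
    for target in ("/admin/master/console/",
                   "/realms/../admin/",
                   "/realms/master/%2e%2e/%2e%2e/admin/master/console/",
                   "//admin/master/console/",
                   "/realms/master/account"):
        print(f"{target:55} naive={naive_acl_blocks(target)!s:5} "
              f"hardened={hardened_acl_blocks(target)!s:5} "
              f"bypass={bypasses(target)}")
        print(raw_request("keycloak.example", target).decode().splitlines()[0])
```

When probing your own proxy, send the bytes from raw_request() over a socket or use curl --path-as-is; otherwise the client normalizes the dot segments and the request that reaches the proxy is not the one you meant to test. On HAProxy 2.4 and later, the http-request normalize-uri directive (path-strip-dotdot, path-merge-slashes, percent-decode-unreserved) performs this kind of normalization before ACLs are evaluated, but it is not applied unless configured, so check your version's documentation and your own configuration rather than assuming it. Normalizing at the proxy is also only half the check: a target like /realms/..%2fadmin/ survives normalization here because %2f is not decoded, so confirm that the backend decodes paths the same way the proxy does.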