6 matches found

Tenable Nessus
added 2025/10/31 12:0 a.m., 7 views

Keycloak Admin Path Traversal Vulnerability (CVE-2025-10939)

The version of Keycloak installed on the remote host is affected by a path traversal vulnerability. A flaw was found in Keycloak where the /admin path can be accessed using relative/non-normalized paths, e.g., /realms/../admin/, bypassing proxy restrictions recommended in the Keycloak guides. This...

CVSS 3.7 | AI score 5.4 | EPSS 0.00386
Exploits 0 | References 2
Circl
added 2025/10/28 6:51 a.m., 6 views

CVE-2025-10939

creationtimestamp | type | source
---|---|---
2025-10-28 06:51:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4adt2ksa62u...

CVSS 3.7 | AI score 4.8 | EPSS 0.00386
Exploits 0 | References 1
vulnersOsv
added 2025/10/28 3:46 a.m., 5 views

de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=4.1.0-26.0 <=5.4.3-26.2), net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9) +21 more potentially affected by CVE-2025-10939 via org.keycloak:keycloak-quarkus-server (>=26.0.0 <=26.3.5)

org.keycloak:keycloak-quarkus-server MAVEN version =26.0.0, =4.1.0-26.0, =8.1, =26.3.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26...

CVSS 3.7 | AI score 5.8 | EPSS 0.00386
Exploits 0
Cvelist
added 2025/10/28 3:8 a.m., 8 views

CVE-2025-10939 Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | EPSS 0.00386
Exploits 0 | References 6
CVE
added 2025/10/28 3:8 a.m., 26 views

CVE-2025-10939

Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...

CVSS 3.7 | AI score 6.2 | EPSS 0.00386
Exploits 0 | References 6
RedhatCVE
added 2025/10/28 2:58 a.m., 5 views

CVE-2025-10939

A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | AI score 6.1 | EPSS 0.00386
Exploits 0 | References 3