CVE-2025-12390
CVE-2025-12390 affects Keycloak; it describes an offline session takeover where a user could receive another user’s tokens due to reusing session identifiers and incomplete logout cleanup when cookies are missing. Connected sources confirm this vulnerability in Keycloak and reference Red Hat advi...