CNNVD-202507-1498 Information
CNNVD ID
CNNVD-202507-1498
Related CVE
CNNVD Published: 2025-07-10
Description
Keycloak is an open-source identity and access management solution. Keycloak contains an access control vulnerability that stems from a flaw in the account-merging feature used during identity-provider login; an attacker could exploit it to gain access to a victim's account by modifying the email address.
Hazard Level
High
Vulnerability Type
Access control error
Affected Vendor
Keycloak
Published
2025-07-10
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/CVE-2025-7365
https://bugzilla.redhat.com/show_bug.cgi?id=2378852
https://access.redhat.com/errata/RHSA-2025:12016
https://access.redhat.com/errata/RHSA-2025:12015
https://access.redhat.com/errata/RHSA-2025:11987
https://access.redhat.com/errata/RHSA-2025:11986
https://vigilance.fr/vulnerability/Keycloak-user-access-via-account-merging-47812
https://nvd.nist.gov/vuln/detail/CVE-2025-7365
Patch
https://www.keycloak.org/downloads