CNNVD-202508-608 Information

CNNVD ID

CNNVD-202508-608

Related CVE

CVE-2025-8419

• CNNVD Published: 2025-08-06

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在注入漏洞，该漏洞源于电子邮件注册过程中使用特殊字符可能导致SMTP注入，发送未经请求的短邮件。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is an injection loophole in Keycloak, which results from the use of special characters in the e-mail registration process, which may result in SMTP injections and unrequested short mail.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

Keycloak

Published

2025-08-06

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2385776 https://access.redhat.com/security/cve/CVE-2025-8419 https://vigilance.fr/vulnerability/Keycloak-write-access-via-SMTP-Injection-48248