CNNVD-202510-3830 Information

CNNVD ID

CNNVD-202510-3830

CVE-2025-12390

  • CNNVD Published: 2025-10-28

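Description (translated from Chinese)

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, a US company. Red Hat build of Keycloak contains an authorization issue vulnerability. It stems from session identifier reuse and improper cleanup at logout, and may cause a user to unexpectedly obtain another user's session token.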

Description (English)

Red Hat build of Keycloak is a web application for single sign-on by Red Hat. Red Hat build of Keycloak has an authorization issue vulnerability, which stems from session identifier reuse and improper cleanup during logout, and which could lead to users unexpectedly obtaining other users' session tokens.

Hazard Level

High

Vulnerability Type

Authorization issue

Affected Vendor

Red Hat

Published

2025-10-28

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2025-12390
  • https://bugzilla.redhat.com/show_bug.cgi?id=2406793

Patch

https://github.com/keycloak/keycloak/releases
