CNNVD-202510-3906 Information
Oct 28, 2025
CNNVD ID
CNNVD-202510-3906
Related CVE
- CNNVD Published: 2025-10-28
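Description (translated from Chinese)
Red Hat build of Keycloak is a web application for single sign-on from the US company Red Hat. Red Hat build of Keycloak has a code issue vulnerability that stems from improper proxy configuration and may allow the /admin path to be accessed through non-normalized paths.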
Description (English)
Red Hat build of Keycloak is a web application for single sign-on by Red Hat. Red Hat build of Keycloak has a code issue vulnerability, which stems from improper proxy configuration and may allow access to the /admin path via non-normalized paths.
Hazard Level
Critical
Vulnerability Type
Code issue
Affected Vendor
Red Hat
Published
2025-10-28
Last Modified
2026-02-24
References
- https://access.redhat.com/security/cve/CVE-2025-10939
- https://bugzilla.redhat.com/show_bug.cgi?id=2398025
- https://vigilance.fr/vulnerability/Keycloak-ingress-filtrering-bypass-via-admin-Relative-Paths-48920
Patch
https://github.com/keycloak/keycloak/releases