CVE-2025-3910

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-3910

Severity

5.4

Medium

CVSS CVSS_V3

Description

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

References

https://images.chainguard.dev/security/CGA-8xmf-2m4q-3f4v
https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
https://images.chainguard.dev/security/CGA-j78w-pgqj-6f8g
https://access.redhat.com/errata/RHSA-2025:4335
https://access.redhat.com/errata/RHSA-2025:4336
https://access.redhat.com/security/cve/CVE-2025-3910
https://bugzilla.redhat.com/show_bug.cgi?id=2361923
https://github.com/keycloak/keycloak/issues/39349

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal