Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1odzU4LTM3OTMtNDJnZ84ABHSk

High EPSS: 0.00012% (0.01242 Percentile) EPSS:
Permalink JSON

Keycloak hostname verification

Affected Packages Affected Versions Fixed Versions
maven:org.keycloak:keycloak-services < 26.2.2 26.2.2
90 Dependent packages
561 Dependent repositories

Affected Version Ranges

All affected versions

5.0.0, 6.0.0, 6.0.1, 7.0.0, 7.0.1, 8.0.0, 8.0.1, 8.0.2, 9.0.0, 9.0.2, 9.0.3, 10.0.0, 10.0.1, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.0.1, 14.0.0, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.1.1, 16.0.0, 16.1.0, 16.1.1, 17.0.0, 17.0.1, 18.0.0, 18.0.1, 18.0.2, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 21.0.0, 21.0.1, 21.0.2, 21.1.0, 21.1.1, 21.1.2, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.0.4, 22.0.5, 23.0.0, 23.0.1, 23.0.2, 23.0.3, 23.0.4, 23.0.5, 23.0.6, 23.0.7, 24.0.0, 24.0.1, 24.0.2, 24.0.3, 24.0.4, 24.0.5, 25.0.0, 25.0.1, 25.0.2, 25.0.3, 25.0.4, 25.0.5, 25.0.6, 26.0.0, 26.0.1, 26.0.2, 26.0.3, 26.0.4, 26.0.5, 26.0.6, 26.0.7, 26.0.8, 26.1.0, 26.1.1, 26.1.2, 26.1.3, 26.1.4, 26.1.5, 26.2.0, 26.2.1

All unaffected versions

26.2.2, 26.2.3, 26.2.4, 26.2.5, 26.3.0, 26.3.1, 26.3.2

A flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.

References:

Identifiers

GHSA-hw58-3793-42gg

CVE-2025-3501

Risk

Severity

High

EPSS

EPSS Percentage: 0.00012

EPSS Percentile: 0.01242

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/keycloak/keycloak

Date and time

Published

3 months ago

Updated

3 months ago

API

JSON