PT-2025-44084 · Red Hat · Keycloak

Reporter: Ahus1 · Published 2025-10-28 · Updated 2025-12-19 · CVE-2025-10939

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Keycloak (affected versions not specified)

Description
A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as HAProxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the /admin path externally, especially when a proxy is in use. This issue allows access to the /admin application path relative to /realms, which is intended to be exposed.

Recommendations
Do not expose the /admin path to external networks, particularly when using a proxy server.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2025-10939
ECHO-5C2B-B961-B3A6
GHSA-C6CM-5GC7-C3F4
GHSA-VJR8-56P3-FMQQ

Affected Products

Keycloak