CVE-2025-12390

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw exists in Keycloak that could allow a user to gain unintended access to another user's session when both users share the same device and browser. This occurs because Keycloak may reuse session identifiers and does not adequately clear sessions upon logout when browser cookies are absent. Consequently, a user might receive tokens intended for another user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.