Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-e4ub-v4ef-affb
Vulnerability ID VCID-e4ub-v4ef-affb
Aliases CVE-2025-3501
GHSA-hw58-3793-42gg
Summary Keycloak hostname verification A flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-297 Improper Validation of Certificate with Host Mismatch
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:4335
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:4335
ssvc Track https://access.redhat.com/errata/RHSA-2025:4335
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:4336
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:4336
ssvc Track https://access.redhat.com/errata/RHSA-2025:4336
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:8672
ssvc Track https://access.redhat.com/errata/RHSA-2025:8672
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:8690
ssvc Track https://access.redhat.com/errata/RHSA-2025:8690
cvssv3 8.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
cvssv3.1 8.2 https://access.redhat.com/security/cve/CVE-2025-3501
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2025-3501
ssvc Track https://access.redhat.com/security/cve/CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2025-3501
cvssv3.1 8.2 https://bugzilla.redhat.com/show_bug.cgi?id=2358834
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2358834
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2358834
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-hw58-3793-42gg
cvssv3.1 8.2 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 8.2 https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
generic_textual HIGH https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
cvssv3.1 8.2 https://github.com/keycloak/keycloak/issues/39350
generic_textual HIGH https://github.com/keycloak/keycloak/issues/39350
ssvc Track https://github.com/keycloak/keycloak/issues/39350
cvssv3.1 8.2 https://github.com/keycloak/keycloak/pull/39366
generic_textual HIGH https://github.com/keycloak/keycloak/pull/39366
ssvc Track https://github.com/keycloak/keycloak/pull/39366
cvssv3.1 8.2 https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
cvssv3.1_qr HIGH https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
generic_textual HIGH https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
cvssv3.1 8.2 https://nvd.nist.gov/vuln/detail/CVE-2025-3501
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-3501
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2025:4335
https://access.redhat.com/errata/RHSA-2025:4336
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
https://access.redhat.com/security/cve/CVE-2025-3501
https://api.first.org/data/v1/epss?cve=CVE-2025-3501
https://bugzilla.redhat.com/show_bug.cgi?id=2358834
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
https://github.com/keycloak/keycloak/issues/39350
https://github.com/keycloak/keycloak/pull/39366
https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
https://nvd.nist.gov/vuln/detail/CVE-2025-3501
cpe:/a:redhat:build_keycloak:26 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
cpe:/a:redhat:build_keycloak:26.0::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
cpe:/a:redhat:build_keycloak:26.2::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
cpe:/a:redhat:red_hat_single_sign_on:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
GHSA-hw58-3793-42gg https://github.com/advisories/GHSA-hw58-3793-42gg
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:4335
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://access.redhat.com/errata/RHSA-2025:4335
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:4336
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://access.redhat.com/errata/RHSA-2025:4336
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:8672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://access.redhat.com/errata/RHSA-2025:8672
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:8690
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://access.redhat.com/errata/RHSA-2025:8690
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2025-3501
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://access.redhat.com/security/cve/CVE-2025-3501
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2358834
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2358834
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/keycloak/keycloak/issues/39350
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://github.com/keycloak/keycloak/issues/39350
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/keycloak/keycloak/pull/39366
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/ Found at https://github.com/keycloak/keycloak/pull/39366
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-3501
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.26058
EPSS Score 0.00092
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:54:52.793418+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-hw58-3793-42gg/GHSA-hw58-3793-42gg.json 38.0.0