Search for vulnerabilities
Vulnerability details: VCID-5hrf-cqc3-b7am
Vulnerability ID VCID-5hrf-cqc3-b7am
Aliases GHSA-r934-w73g-v4p8
Summary Duplicate Advisory: Keycloak hostname verification
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-297 Improper Validation of Certificate with Host Mismatch
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:4335
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:4335
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:4336
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:4336
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:8672
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:8672
cvssv3.1 8.2 https://access.redhat.com/errata/RHSA-2025:8690
generic_textual HIGH https://access.redhat.com/errata/RHSA-2025:8690
cvssv3.1 8.2 https://access.redhat.com/security/cve/CVE-2025-3501
generic_textual HIGH https://access.redhat.com/security/cve/CVE-2025-3501
cvssv3.1 8.2 https://bugzilla.redhat.com/show_bug.cgi?id=2358834
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2358834
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-r934-w73g-v4p8
cvssv3.1 8.2 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 8.2 https://nvd.nist.gov/vuln/detail/CVE-2025-3501
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-3501
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2025:4335
https://access.redhat.com/errata/RHSA-2025:4336
https://access.redhat.com/errata/RHSA-2025:8672
https://access.redhat.com/errata/RHSA-2025:8690
https://access.redhat.com/security/cve/CVE-2025-3501
https://bugzilla.redhat.com/show_bug.cgi?id=2358834
https://github.com/keycloak/keycloak
CVE-2025-3501 https://nvd.nist.gov/vuln/detail/CVE-2025-3501
GHSA-r934-w73g-v4p8 https://github.com/advisories/GHSA-r934-w73g-v4p8
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:4335
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:4336
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:8672
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/errata/RHSA-2025:8690
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://access.redhat.com/security/cve/CVE-2025-3501
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2358834
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-3501
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-04-30T22:25:46.381920+00:00 GHSA Importer Import https://github.com/advisories/GHSA-r934-w73g-v4p8 36.0.0