CVE-2025-0604
Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
New images are available for Red Hat build of Keycloak 26.0.10 and Red Hat build of Keycloak 26.0.10 Operator, running on OpenShift Container Platform. Issues addressed include bypass and improper authorization vulnerabilities.
*Credits:
Red Hat would like to thank Dwayne Du for reporting this issue.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2025-01-20 CVE Reserved
- 2025-01-22 CVE Published
- 2025-03-14 CVE Updated
- 2025-03-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2025-0604 | 2025-01-22 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2338993 | 2025-01-22 | |
| https://access.redhat.com/errata/RHSA-2025:2544 | 2025-03-14 | |
| https://access.redhat.com/errata/RHSA-2025:2545 | 2025-03-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Build Keycloak Search vendor "Redhat" for product "Build Keycloak" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Build Of Keycloak Search vendor "Redhat" for product "Build Of Keycloak" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Red Hat Single Sign On Search vendor "Redhat" for product "Red Hat Single Sign On" | * | - |
Affected
| ||||||