CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:21370	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:21371	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:22088	Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:22089	Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-12150	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2406192	Issue Tracking
https://github.com/keycloak/keycloak/issues/43723	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:build_of_keycloak::::::::
	cpe:2.3:a:redhat:build_of_keycloak:-::::text-only:::
	cpe:2.3:a:redhat:keycloak:24.0.2:::::::*

History

No history.

Information

Published : 2026-02-27 09:16

Updated : 2026-03-05 02:19

NVD link : CVE-2025-12150

Mitre link : CVE-2025-12150

CVE.ORG link : CVE-2025-12150

JSON object : View

Products Affected

redhat

build_of_keycloak
keycloak

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2025-12150", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2026-02-27T09:16:15.227", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:21370", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:21371", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:22088", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:22089", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-12150", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406192", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://github.com/keycloak/keycloak/issues/43723", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak\u2019s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el componente de registro WebAuthn de Keycloak. Esta vulnerabilidad permite a un atacante eludir la pol\u00edtica de atestaci\u00f3n configurada y registrar autenticadores no confiables o falsificados mediante el env\u00edo de un objeto de atestaci\u00f3n con fmt: 'none', incluso cuando el reino est\u00e1 configurado para requerir atestaci\u00f3n directa. Esto puede llevar a una integridad de autenticaci\u00f3n debilitada y a un registro de autenticador no autorizado."}], "lastModified": "2026-03-05T02:19:42.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3343606-97FB-462F-9727-A66ABF6CE26D", "versionEndExcluding": "26.4.4"}, {"criteria": "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*", "vulnerable": true, "matchCriteriaId": "1830E455-7E11-4264-862D-05971A42D4A6"}, {"criteria": "cpe:2.3:a:redhat:keycloak:24.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "242ABA6C-CDCA-4D5C-ABF2-1FE4BB3E3B0E"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}