logo

Database

Authentication mechanism absence or evasion In org.keycloak:keycloak-services

Description

Keycloak vulnerable to two factor authentication bypass

Description

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-39102. NVD-2025-39103. OSV-2025-39104. GHSA-5jfq-x6xp-7rw25. GCVE-2025-39106. access.redhat.com7. access.redhat.com8. ACCESS-CVE-2025-3910

References

1. https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw22. https://github.com/keycloak/keycloak/issues/393493. https://bugzilla.redhat.com/show_bug.cgi?id=2361923

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-49TQI – Vulnerability | Fluid Attacks Database