Security Advisory

CVE-2025-10939

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-28 03:08:30

Last updated 2025-12-19 21:46:46

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to /realms which is expected to be exposed.

← Browse all CVEs View on cve.org ↗