CVEFinder.io

CVE-2025-12150

ℹ️ low
🔍 Scan for this CVE
Summary

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.

CVSS Score
3.1
Low
EPSS Score
0.0
Exploit Probability
Published Date
2026-02-27
First Seen: 2026-02-28
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 2.1% of all 318,071 vulnerabilities in our database.

#311,381
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Feb 27, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Stefan Kunz (cnlab) for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-03-05
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE IDs (Weakness Types)
CWE-347

📦 Affected Products 3

Vendor Product Status Affected Versions
redhat keycloak Affected
v24.0.2
redhat build_of_keycloak Affected
< 26.4.4
redhat build_of_keycloak Affected
v-

🔗 References 7

https://access.redhat.com/errata/RHSA-2025:21370
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:21371
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:22088
Vendor Advisory
https://access.redhat.com/errata/RHSA-2025:22089
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-12150
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2406192
Issue Tracking
https://github.com/keycloak/keycloak/issues/43723
Issue Tracking

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-37977 ℹ️ low 3.7 0.0 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vuln... 2026-04-06
CVE-2026-3121 🔶 medium 6.5 0.0 A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi... 2026-03-26
CVE-2026-3190 🔶 medium 4.3 0.0 A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to ... 2026-03-26
CVE-2026-3047 ⚠️ high 8.8 0.3 A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is config... 2026-03-05
CVE-2026-3009 ⚠️ high 8.1 0.0 A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an... 2026-03-05
CVE-2026-0871 🔶 medium 4.9 0.0 A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can vi... 2026-02-27
These CVEs affect the same products