CVE-2025-8419
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-09-04
Assigner: Red Hat, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | keycloak | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-93 | The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The flaw is in Keycloak-services: the e-mail address supplied during registration is not neutralized for special characters such as carriage return and line feed (CRLF, CWE-93) before it is handed to the mailer, which allows SMTP injection. An attacker can therefore cause the Keycloak server to send short, unexpected and unwanted e-mails. Because the e-mail field is limited to 64 characters, the injected content must be very short, so the attack is restricted to small messages with minimal content. The direct consequence is the sending of unsolicited e-mail, but such a primitive could serve as a building block for more complex attacks.
How can this vulnerability impact me?
The vulnerability can cause your Keycloak server to send unsolicited short e-mails that you did not intend to send. While the immediate impact is limited to those unwanted messages, the behaviour could be used as a stepping stone for more sophisticated attacks, potentially affecting the security of your system or the reputation of your mail domain.
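The following is an added illustration of the CWE-93 pattern described above; it is not Keycloak's code and does not reproduce the exact Keycloak code path. It shows how a recipient address containing CRLF, when spliced into a header block without neutralization, becomes an extra header when the message is parsed, and how a validator that rejects control characters and enforces the 64-character cap mentioned on this page blocks it. The sample addresses, the header template and the helper names are constructed for the example.

```python
import re
from email.parser import HeaderParser

# Constructed sample inputs (not taken from the advisory).
BENIGN_EMAIL = "alice@example.com"
# CRLF followed by an extra header line: the element CWE-93 says must be neutralized.
CRLF_EMAIL = "alice@example.com\r\nBcc: someone-else@example.net"
# The length cap the advisory text mentions; assumed here to apply to the whole field.
MAX_EMAIL_LEN = 64

def build_message_headers(to_addr: str) -> str:
    """Vulnerable pattern: the address is spliced into the header block as-is.

    A CRLF inside to_addr ends the To: line, so whatever follows it is read
    by the mail stack as a new header rather than as part of the address.
    """
    return (
        "From: no-reply@example.org\r\n"
        f"To: {to_addr}\r\n"
        "Subject: Verify your account\r\n"
        "\r\n"
    )

def parse_header_names(raw: str) -> list[str]:
    """Parse the header block the way an MTA/MUA would and list the header names."""
    msg = HeaderParser().parsestr(raw)
    return list(msg.keys())

# Any ASCII control character (CR, LF, NUL, ...) has no place in an address.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately simple address shape: one '@', dotted domain, no quoting.
_SIMPLE_ADDR = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def validate_email(addr: str) -> tuple[bool, str]:
    """Hardened check: reject control characters, over-long input and malformed shapes."""
    if _CONTROL_CHARS.search(addr):
        return False, "control character"
    if len(addr) > MAX_EMAIL_LEN:
        return False, "too long"
    if not _SIMPLE_ADDR.fullmatch(addr):
        return False, "malformed"
    return True, "ok"

def render_headers_safely(to_addr: str) -> str:
    """Fixed pattern: validate before the address ever reaches the header template."""
    ok, reason = validate_email(to_addr)
    if not ok:
        raise ValueError(f"rejected recipient: {reason}")
    return build_message_headers(to_addr)

if __name__ == "__main__":
    print("benign headers:  ", parse_header_names(build_message_headers(BENIGN_EMAIL)))
    print("injected headers:", parse_header_names(build_message_headers(CRLF_EMAIL)))
    print("validator verdict:", validate_email(CRLF_EMAIL))
```

The parse step is what makes the point concrete: the benign address yields From, To and Subject, while the CRLF address yields an additional Bcc header that the application never wrote. Rejecting control characters at input time (rather than trying to escape them later) is the simplest fix; the length check alone only shortens the injected payload, it does not prevent it.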