CVE-2025-10044
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-11-07
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | keycloak | 26.2.9 |
| redhat | keycloak | 26.0.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include educating users about the potential phishing risk posed by misleading messages in error pages, and monitoring for suspicious URLs containing the error_description parameter. Since the vulnerability involves displaying arbitrary text in error pages, consider implementing additional validation or sanitization on the error_description parameter if possible. Alternatively, restrict or disable the display of user-controlled text in error messages until a patch is available. Applying any available updates or patches from Keycloak or your Linux distribution vendor as soon as they are released is also recommended. [1]
Can you explain this vulnerability to me?
This vulnerability in Keycloak occurs because the error_description query parameter accepts arbitrary text that is rendered directly on error pages without proper validation or sanitization. Although HTML encoding prevents cross-site scripting (XSS), attackers can craft URLs containing misleading messages, such as fake support phone numbers or URLs, which are displayed within the trusted Keycloak user interface. This creates a phishing vector that can trick users into contacting malicious actors. [1]
How can this vulnerability impact me?
The vulnerability can impact you by enabling attackers to display deceptive messages within Keycloak's trusted user interface. These misleading messages can trick users into believing they are legitimate support contacts, potentially causing them to disclose sensitive information or interact with malicious actors, leading to phishing attacks. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring HTTP requests to Keycloak's account console and other error pages for the presence of the error_description query parameter containing suspicious or misleading text. For example, you can use network traffic inspection tools or web server logs to search for URLs with error_description parameters that include unexpected or suspicious content. A simple command using grep on web server logs might be: grep 'error_description=' /path/to/keycloak/access.log. Additionally, using tools like Wireshark or a web proxy to capture and analyze HTTP requests to Keycloak can help identify attempts to exploit this vulnerability. [1]
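Added here as a worked example (not code from BaseFortify or the Keycloak project): a small Python scanner that goes one step beyond the plain grep above by URL-decoding the error_description parameter from access-log lines and flagging only values that carry a phone number or a URL, the lures described in the explanation above. The Common Log Format layout and the sample lines are assumptions, constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Sep/2025:10:01:02 +0000] "GET /realms/demo/account/?error=access_denied&error_description=Access+denied HTTP/1.1" 200 512
10.0.0.9 - - [05/Sep/2025:10:02:45 +0000] "GET /realms/demo/account/?error_description=Your+account+is+locked.+Call+support+at+%2B1-555-0100 HTTP/1.1" 200 640
10.0.0.7 - - [05/Sep/2025:10:03:10 +0000] "GET /realms/demo/protocol/openid-connect/auth?client_id=app HTTP/1.1" 302 0
10.0.0.11 - - [05/Sep/2025:10:04:33 +0000] "GET /realms/demo/account/?error_description=Session+expired.+Re-login+at+http%3A%2F%2Fexample.test%2Freset HTTP/1.1" 200 640
"""

# Request target between the method and the protocol token.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Phone-number-like run of digits (8+ digits with optional separators).
PHONE_RE = re.compile(r'\+?\d[\d\s().-]{6,}\d')
# URL-like fragment; a lure may omit the scheme and use "www.".
URL_RE = re.compile(r'https?://|www\.', re.IGNORECASE)


def suspicious_error_descriptions(log_text):
    """Return one finding per error_description value that looks like a lure.

    Ordinary server-generated values ("Access denied") are not reported;
    only values containing a phone number or a URL are.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        # parse_qs decodes %xx escapes and '+' so the regexes see plain text.
        for value in parse_qs(urlsplit(target).query).get("error_description", []):
            reasons = []
            if PHONE_RE.search(value):
                reasons.append("phone_number")
            if URL_RE.search(value):
                reasons.append("url")
            if reasons:
                findings.append({
                    "ip": line.split(" ", 1)[0],
                    "path": urlsplit(target).path,
                    "value": value,
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in suspicious_error_descriptions(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']} {f['reasons']}: {f['value']!r}")
```

Point the scanner at a real access log by reading the file into `log_text`; tune the two patterns to your own support numbers and domains to keep legitimate values out of the findings.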