Description
Considered by the maintainers a bug scenario experienced rather than a vulnerability.
Published: 2025-09-05
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-27027 A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant/incomplete fix of CVE-2024-10492.
History

Thu, 09 Oct 2025 03:15:00 +0000

Type Values Removed Values Added
Title Keycloak: incomplete fix of cve-2024-10492 keycloak: Incomplete fix of CVE-2024-10492
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 09 Oct 2025 02:30:00 +0000

Type Values Removed Values Added
References

Thu, 09 Oct 2025 02:15:00 +0000

Type Values Removed Values Added
Description A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant/incomplete fix of CVE-2024-10492. Considered by the maintainers a bug scenario experienced rather than a vulnerability.
CPEs cpe:/a:redhat:build_keycloak:26.2::el9
Vendors & Products Redhat
Redhat build Keycloak

Mon, 22 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
References

Mon, 22 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak: cpe:/a:redhat:build_keycloak:26.2::el9
References

Sat, 06 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Fri, 05 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Description A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As a result, a high-privilege administrator could probe for the existence of files outside the expected realm context through crafted vault secret lookups. This is a platform-specific variant/incomplete fix of CVE-2024-10492.
Title Keycloak: incomplete fix of cve-2024-10492
First Time appeared Redhat
Redhat build Keycloak
Weaknesses CWE-73
CPEs cpe:/a:redhat:build_keycloak:
Vendors & Products Redhat
Redhat build Keycloak
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: REJECTED

Assigner: redhat

Published:

Updated: 2025-10-09T01:45:58.716Z

Reserved: 2025-09-05T18:12:23.630Z

Link: CVE-2025-10043

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-09-05T20:15:34.220

Modified: 2025-10-09T02:15:40.607

Link: CVE-2025-10043

cve-icon Redhat

Severity : Low

Publid Date: 2025-09-05T00:00:00Z

Links: CVE-2025-10043 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses