CVE-2025-1391
MEDIUM5.4EPSS 0.09%Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
Published: 3/10/2025Modified: 3/10/2025
Description
This vulnerability is caused by the improper mapping of users to organizations based solely on email/username patterns. The issue is limited to the token claim level, meaning the user is not truly added to the organization but may appear as such in applications relying on these claims. The risk increases in scenarios where self-registration is enabled and unrestricted, allowing an attacker to exploit the naming pattern. The issue is mitigated if admins restrict registration or use strict validation mechanisms.
Affected packages (1)
- Maven/org.keycloak:keycloak-services>= 26.1.0, < 26.1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-1391
- PATCHhttps://github.com/keycloak/keycloak
- WEBhttps://access.redhat.com/errata/RHSA-2025:2545
- WEBhttps://access.redhat.com/security/cve/CVE-2025-1391
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2346082
- WEBhttps://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378
- WEBhttps://github.com/keycloak/keycloak/security/advisories/GHSA-gvgg-2r3r-53x7