{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T23:54:19.332","vulnerabilities":[{"cve":{"id":"CVE-2025-1391","sourceIdentifier":"secalert@redhat.com","published":"2025-02-17T14:15:08.413","lastModified":"2025-03-10T19:15:39.860","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges."},{"lang":"es","value":"Se encontró una falla en la función de organización de Keycloak, que permite la asignación incorrecta de una organización a un usuario si su nombre de usuario o correo electrónico coincide con el patrón de dominio de la organización. Este problema ocurre en el nivel del asignador, lo que genera una representación errónea en los tokens. Si una aplicación se basa en estas afirmaciones para la autorización, puede asumir incorrectamente que un usuario pertenece a una organización de la que no es miembro, lo que podría otorgar acceso o privilegios no autorizados."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2025:2544","source":"secalert@redhat.com"},{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2025:2545","source":"secalert@redhat.com"},{"url":"https:\/\/access.redhat.com\/security\/cve\/CVE-2025-1391","source":"secalert@redhat.com"},{"url":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2346082","source":"secalert@redhat.com"}]}}]}