{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T03:03:30.780","vulnerabilities":[{"cve":{"id":"CVE-2025-3910","sourceIdentifier":"secalert@redhat.com","published":"2025-04-29T21:15:51.707","lastModified":"2025-08-18T15:55:00.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication."},{"lang":"es","value":"Se detectó una falla en Keycloak. El paquete org.keycloak.authorization podría ser vulnerable a eludir acciones obligatorias, lo que permite a los usuarios eludir requisitos como la configuración de la autenticación de dos factores."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:text-only:*:*:*","versionStartIncluding":"26.0","versionEndExcluding":"26.0.11","matchCriteriaId":"800270D6-AAEC-40D5-B10C-D5B30DF1F51C"}]}]}],"references":[{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2025:4335","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https:\/\/access.redhat.com\/errata\/RHSA-2025:4336","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https:\/\/access.redhat.com\/security\/cve\/CVE-2025-3910","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2361923","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https:\/\/github.com\/keycloak\/keycloak\/issues\/39349","source":"secalert@redhat.com","tags":["Issue Tracking"]}]}}]}