What is CVE-2025-7365?

CVE-2025-7365 is a high-severity vulnerability in Red Hat Build Of Keycloak 26, classified under Origin Validation Error. CVSS score: 7.1/10. Published 2025-07-10.

How severe is CVE-2025-7365?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Red Hat Build Of Keycloak 26

CVE-2025-7365

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This…

EPSS: 0.000 (13.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Red Hat Build Of Keycloak 26
Red Hat Build Of Keycloak 26.0 — versions 26.0.13-2, 26.0-16, 26.0-17
Red Hat Build Of Keycloak 26.2 — versions 26.2.6-1, 26.2-6
Redhat Keycloak

Weakness classification (CWE)

CWE-346 — Origin Validation Error

References

RHSA-2025:11986 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2025:11987 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2025:12015 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2025:12016 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
RHBZ#2378852 (x_refsource_REDHAT, issue-tracking, Issue Tracking, Vendor Advisory)
secalert@redhat.com
secalert@redhat.com

Frequently asked questions

What is CVE-2025-7365?: CVE-2025-7365 is a high-severity vulnerability in Red Hat Build Of Keycloak 26, classified under Origin Validation Error. CVSS score: 7.1/10. Published 2025-07-10.
How severe is CVE-2025-7365?: High severity. CVSS v3 base score is 7.1 out of 10.