{"id":"CVE-2025-3910","details":"A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.","aliases":["GHSA-5jfq-x6xp-7rw2"],"modified":"2026-04-10T05:26:09.749310Z","published":"2025-04-29T21:15:51.707Z","related":["CGA-fpxg-m44c-89vp"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"type":"REPORT","url":"https://github.com/keycloak/keycloak/issues/39349"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/keycloak/keycloak","events":[{"introduced":"632f214aa2d668e8b59920c3dfcc449da68254a4"},{"fixed":"7dca54e8dc0dbe23995e260c989c9ef2e9023a94"}],"database_specific":{"versions":[{"introduced":"26.0"},{"fixed":"26.0.11"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3910.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}