Uncontrolled Search Path Element

CVE-2025-10939

Low

3.7/10

Summary

A flaw was found in Keycloak versions prior to 26.4.3. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the "/admin" application path relative to "/realms" which is expected to be exposed.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-427 - Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

Advisory
Advisory
Issue
Issue
Pull request

Advisory Timeline

Published Oct 28, 2025

Uncontrolled Search Path Element

CVE-2025-10939

Summary

CWE-427 - Uncontrolled Search Path Element

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS