Nixpkgs security tracker

Permalink CVE-2025-12150

3.1 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 2 months ago
@LeSuisse ignored
5 packages
- terraform-providers.keycloak
- python312Packages.python-keycloak
- python313Packages.python-keycloak
- terraform-providers.keycloak_keycloak
- python314Packages.python-keycloak
1 month, 3 weeks ago
@LeSuisse dismissed 1 month, 3 weeks ago

Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.

References

RHSA-2025:21370 x_refsource_REDHATvendor-advisory
RHSA-2025:21371 x_refsource_REDHATvendor-advisory
RHSA-2025:22088 x_refsource_REDHATvendor-advisory
RHSA-2025:22089 x_refsource_REDHATvendor-advisory
https://access.redhat.com/security/cve/CVE-2025-12150 vdb-entryx_refsource_REDHAT
RHBZ#2406192 issue-trackingx_refsource_REDHAT
https://github.com/keycloak/keycloak/issues/43723

Affected products

keycloak

<26.4.4

rhbk/keycloak-rhel9

rhbk/keycloak-rhel9-operator

rhbk/keycloak-operator-bundle

org.keycloak/keycloak-services

Red Hat build of Keycloak 26.2.11

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.4
- nixpkgs-unstable 26.5.4
- nixos-unstable-small 26.5.4
nixos-25.11 26.5.4
- nixos-25.11-small 26.5.4
- nixpkgs-25.11-darwin 26.5.4

Ignored packages (5)

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 7.0.2
- nixpkgs-unstable 7.0.2
- nixos-unstable-small 7.0.2
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 7.0.2
- nixpkgs-unstable 7.0.2
- nixos-unstable-small 7.0.2

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.7.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>

Not impacted

Permalink CVE-2014-3655

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@LeSuisse ignored
5 packages
- terraform-providers.keycloak
- python312Packages.python-keycloak
- python313Packages.python-keycloak
- python314Packages.python-keycloak
- terraform-providers.keycloak_keycloak
2 months, 1 week ago
@LeSuisse dismissed 2 months, 1 week ago

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2014-3655 x_transferredx_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138 x_transferredx_refsource_MISC

Affected products

KeyCloak

==Fixed in version 1.1.0-Alpha1

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.5.3
- nixpkgs-unstable 26.5.3
- nixos-unstable-small 26.5.3
nixos-25.11 26.5.3
- nixos-25.11-small 26.5.3
- nixpkgs-25.11-darwin 26.5.3

Ignored packages (5)

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0
nixos-25.11 4.0.0
- nixos-25.11-small 4.0.0
- nixpkgs-25.11-darwin 4.0.0

pkgs.python314Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.terraform-providers.keycloak_keycloak

None

nixos-unstable 5.6.0
- nixpkgs-unstable 5.6.0
- nixos-unstable-small 5.6.0
nixos-25.11 5.5.0
- nixos-25.11-small 5.5.0
- nixpkgs-25.11-darwin 5.5.0

Package maintainers

@NickCao Nick Cao <nickcao@nichi.co>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@leona-ya Leona Maroni <nix@leona.is>

Current stable branch was never impacted

https://github.com/NixOS/nixpkgs/commit/efc7ecaf9c79f655737104ecabaea761afe81a7b

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.keycloak

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

pkgs.python313Packages.python-keycloak

pkgs.python314Packages.python-keycloak

pkgs.terraform-providers.keycloak_keycloak

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.keycloak

pkgs.terraform-providers.keycloak

pkgs.python312Packages.python-keycloak

pkgs.python313Packages.python-keycloak

pkgs.python314Packages.python-keycloak

pkgs.terraform-providers.keycloak_keycloak

Package maintainers