{
  "threat_severity" : "Moderate",
  "public_date" : "2025-04-29T00:00:00Z",
  "bugzilla" : {
    "description" : "org.keycloak.authentication: Two factor authentication bypass",
    "id" : "2361923",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2361923"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-287",
  "details" : [ "A flaw was found in Keycloak. The org.keycloak.authorization package (named org.keycloak.authentication in this record's Bugzilla description and affected-release data) may allow required actions to be bypassed, letting users skip requirements such as setting up two-factor authentication.", "A flaw was found in Keycloak. The org.keycloak.authorization package (named org.keycloak.authentication in this record's Bugzilla description and affected-release data) may allow required actions to be bypassed, letting users skip requirements such as setting up two-factor authentication." ],
  "acknowledgement" : "This issue was discovered by Marek Posolda (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Build of Keycloak",
    "release_date" : "2025-04-29T00:00:00Z",
    "advisory" : "RHSA-2025:4336",
    "cpe" : "cpe:/a:redhat:build_keycloak:26",
    "package" : "org.keycloak.authentication"
  }, {
    "product_name" : "Red Hat build of Keycloak 26.0",
    "release_date" : "2025-04-29T00:00:00Z",
    "advisory" : "RHSA-2025:4335",
    "cpe" : "cpe:/a:redhat:build_keycloak:26.0::el9",
    "package" : "rhbk/keycloak-operator-bundle:26.0.11-2"
  }, {
    "product_name" : "Red Hat build of Keycloak 26.0",
    "release_date" : "2025-04-29T00:00:00Z",
    "advisory" : "RHSA-2025:4335",
    "cpe" : "cpe:/a:redhat:build_keycloak:26.0::el9",
    "package" : "rhbk/keycloak-rhel9:26.0-12"
  }, {
    "product_name" : "Red Hat build of Keycloak 26.0",
    "release_date" : "2025-04-29T00:00:00Z",
    "advisory" : "RHSA-2025:4335",
    "cpe" : "cpe:/a:redhat:build_keycloak:26.0::el9",
    "package" : "rhbk/keycloak-rhel9-operator:26.0-13"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-3910\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3910\nhttps://github.com/keycloak/keycloak/issues/39349" ],
  "name" : "CVE-2025-3910",
  "mitigation" : {
    "value" : "No current mitigations are available for this vulnerability.",
    "lang" : "en:us"
  },
  "csaw" : false
}