{ "threat_severity" : "Important", "public_date" : "2025-11-17T00:00:00Z", "bugzilla" : { "description" : "openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via AWS signature validation flaw", "id" : "2415344", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2415344" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-863", "details" : [ "OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.", "A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS (Amazon Web Services) signature to the /v3/ec2tokens or /v3/s3tokens API (Application Programming Interface) endpoints." ], "statement" : "This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token belonging to a valid user by sending a valid AWS signature to the /v3/ec2tokens or /v3/s3tokens API's endpoints, leading to access to unauthorized resources or privilege escalation within the OpenStack instance.\nThis attack is considered to have a high complexity (AC:H) due to the fact of obtaining such valid AWS token is not straight forward. To be considered vulnerable, the OpenStack deployments should expose the related API end points through a public API or external access.", "affected_release" : [ { "product_name" : "Red Hat OpenStack Services on OpenShift 18.0", "release_date" : "2026-02-13T00:00:00Z", "advisory" : "RHSA-2026:1958", "cpe" : "cpe:/a:redhat:openstack:18.0::el9", "package" : "openstack-keystone-1:23.0.3-18.0.20241202141842.9e3dfb4.el9ost" } ], "package_state" : [ { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Affected", "package_name" : "rhosp13/openstack-keystone", "cpe" : "cpe:/a:redhat:openstack:13" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "openstack-keystone", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "rhosp-rhel8/openstack-keystone", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Affected", "package_name" : "openstack-keystone", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Affected", "package_name" : "rhosp-rhel9/openstack-keystone", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Affected", "package_name" : "rhoso/openstack-keystone-rhel9", "cpe" : "cpe:/a:redhat:openstack:18.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-65073\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-65073\nhttps://security.openstack.org/ossa/OSSA-2025-002.html\nhttps://www.openwall.com/lists/oss-security/2025/11/04/2" ], "name" : "CVE-2025-65073", "mitigation" : { "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "lang" : "en:us" }, "csaw" : false }