CVE-2025-3501

HIGH8.2EPSS 0.09%

Keycloak hostname verification

Published: 4/30/2025Modified: 2/4/2026

Description

A flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N