CVE-2025-3501 · HIGH 8.2 · EPSS percentile 27.4%

Description

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.36% probability of exploitation · percentile 27.4% · 2026-06-19T12:03:05Z
Published: 2025-04-29
Last modified: 2026-04-15

Underlying weaknesses (1)

CWE-297: Improper Validation of Certificate with Host Mismatch

References

  1. https://access.redhat.com/errata/RHSA-2025:4335
  2. https://access.redhat.com/errata/RHSA-2025:4336
  3. https://access.redhat.com/errata/RHSA-2025:8672
  4. https://access.redhat.com/errata/RHSA-2025:8690
  5. https://access.redhat.com/security/cve/CVE-2025-3501
  6. https://bugzilla.redhat.com/show_bug.cgi?id=2358834
  7. https://github.com/keycloak/keycloak/issues/39350
  8. https://github.com/keycloak/keycloak/pull/39366

Entities (1)

Type     | Target                                                      | Confidence | Tier
Weakness | Improper Validation of Certificate with Host Mismatch (cwe-297) | 0%     | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-2603
  2. CVE-2026-3047
  3. CVE-2026-8830
  4. CVE-2026-3009
  5. CVE-2025-44005
  6. CVE-2025-9293

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.