CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
redhatCNA
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:21370
https://access.redhat.com/errata/RHSA-2025:21371
https://access.redhat.com/errata/RHSA-2025:22088
https://access.redhat.com/errata/RHSA-2025:22089
https://access.redhat.com/security/cve/CVE-2025-12150
https://bugzilla.redhat.com/show_bug.cgi?id=2406192
https://github.com/keycloak/keycloak/issues/43723