๐Ÿ” CVE Alert

CVE-2025-8419

MEDIUM 5.3

Org.keycloak/keycloak-services: keycloak smtp inject vulnerability

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.

CWE CWE-93
Vendor keycloak
Product keycloak
Published Aug 6, 2025
Last Updated Jan 8, 2026
Stay Ahead of the Next One

Get instant alerts for keycloak keycloak

Be the first to know when new medium vulnerabilities affecting keycloak keycloak are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Affected Versions

Keycloak / keycloak
0 < 26.3.3
Red Hat / Red Hat build of Keycloak 26.0
All versions affected
Red Hat / Red Hat build of Keycloak 26.0
All versions affected
Red Hat / Red Hat build of Keycloak 26.0
All versions affected
Red Hat / Red Hat build of Keycloak 26.0
All versions affected
Red Hat / Red Hat build of Keycloak 26.2
All versions affected
Red Hat / Red Hat build of Keycloak 26.2
All versions affected
Red Hat / Red Hat build of Keycloak 26.2
All versions affected
Red Hat / Red Hat build of Keycloak 26.2
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:15336 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:15337 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:15338 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:15339 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-8419 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2385776