Red Hat Security Advisory: Red Hat build of Keycloak 26.0.10 Images Update
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.0.10 clusters. This erratum releases new images for Red Hat build of Keycloak 26.0.10 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak (CVE-2025-0604) * Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims (CVE-2025-1391)
AI Analysis
Technical Summary
This advisory covers two security vulnerabilities in the Red Hat build of Keycloak 26.0.10 for OpenShift. CVE-2025-0604 is an authentication bypass vulnerability due to a missing LDAP bind operation after a password reset, potentially allowing unauthorized access. CVE-2025-1391 is an improper authorization vulnerability in the Keycloak Organization Mapper component that permits unauthorized organization claims. Red Hat has released updated container images for Keycloak 26.0.10 and its Operator to remediate these issues. The advisory recommends applying these updated images in OpenShift Container Platform environments to mitigate the vulnerabilities.
Potential Impact
The authentication bypass vulnerability (CVE-2025-0604) could allow attackers to bypass authentication controls after a password reset due to missing LDAP bind verification. The improper authorization vulnerability (CVE-2025-1391) could enable unauthorized users to obtain organization claims they should not have access to, potentially leading to privilege escalation or unauthorized access within Keycloak-managed environments. Both vulnerabilities are rated as moderate severity by Red Hat.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 26.0.10 and the Keycloak Operator that address these vulnerabilities. Users should apply these updated images as provided by Red Hat to remediate the issues. Before applying this update, ensure all previously released errata relevant to your system have been applied. Refer to Red Hat's official update instructions at https://access.redhat.com/articles/11258 for guidance on applying the update. No alternative mitigations or workarounds are specified in the advisory.
Red Hat Security Advisory: Red Hat build of Keycloak 26.0.10 Images Update
Description
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.0.10 clusters. This erratum releases new images for Red Hat build of Keycloak 26.0.10 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak (CVE-2025-0604) * Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims (CVE-2025-1391)
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security vulnerabilities in the Red Hat build of Keycloak 26.0.10 for OpenShift. CVE-2025-0604 is an authentication bypass vulnerability due to a missing LDAP bind operation after a password reset, potentially allowing unauthorized access. CVE-2025-1391 is an improper authorization vulnerability in the Keycloak Organization Mapper component that permits unauthorized organization claims. Red Hat has released updated container images for Keycloak 26.0.10 and its Operator to remediate these issues. The advisory recommends applying these updated images in OpenShift Container Platform environments to mitigate the vulnerabilities.
Potential Impact
The authentication bypass vulnerability (CVE-2025-0604) could allow attackers to bypass authentication controls after a password reset due to missing LDAP bind verification. The improper authorization vulnerability (CVE-2025-1391) could enable unauthorized users to obtain organization claims they should not have access to, potentially leading to privilege escalation or unauthorized access within Keycloak-managed environments. Both vulnerabilities are rated as moderate severity by Red Hat.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 26.0.10 and the Keycloak Operator that address these vulnerabilities. Users should apply these updated images as provided by Red Hat to remediate the issues. Before applying this update, ensure all previously released errata relevant to your system have been applied. Refer to Red Hat's official update instructions at https://access.redhat.com/articles/11258 for guidance on applying the update. No alternative mitigations or workarounds are specified in the advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:2544
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-1391"]
- Cvss Version
- null
Threat ID: 6a3c0cf1eed863c81e2392e2
Added to database: 06/24/2026, 16:59:29 UTC
Last enriched: 06/24/2026, 17:05:58 UTC
Last updated: 06/27/2026, 20:51:17 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.