Keycloak Path Traversal Vulnerability in Vault Key Handling on Windows

Vulnerability

A path traversal vulnerability has been identified in Keycloak's vault key handling on Windows. The issue arises because the previous fix for CVE-2024-10492 did not take the Windows file separator into account, so a high-privilege administrator can craft vault secret lookups that probe for files outside the expected realm context. This is a platform-specific variant of CVE-2024-10492 resulting from that incomplete fix.
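
The core of the problem is a check that treats only '/' as a path boundary. The following illustration (added here, not Keycloak's own code) contrasts such a check with one that evaluates containment under both POSIX and Windows path semantics, so the result does not depend on the host OS; the vault directory layout (<VAULT_DIR>/<realm>/<key>) and the location are assumptions.

```python
import ntpath
import posixpath
from typing import Optional

# Constructed illustration, not Keycloak's implementation: a files-based vault
# keeps one file per secret at <VAULT_DIR>/<realm>/<key>; the realm comes from
# the request context and the key from an admin-supplied ${vault.<key>} expression.
VAULT_DIR = "/opt/keycloak/vault"  # hypothetical location


def _basic_sanity(realm: str, key: str) -> bool:
    return bool(realm) and bool(key) and "\0" not in key and key not in (".", "..")


def lookup_posix_only(realm: str, key: str) -> Optional[str]:
    """Incomplete check: only '/' is treated as a path separator, so a key that
    uses Windows '\\' separators is not recognised as a path and goes through."""
    if not _basic_sanity(realm, key) or "/" in key:
        return None
    return posixpath.join(VAULT_DIR, realm, key)


def lookup_hardened(realm: str, key: str) -> Optional[str]:
    """Confirm the resolved file stays inside the realm directory under BOTH
    POSIX and Windows path semantics, whatever OS the check happens to run on."""
    if not _basic_sanity(realm, key):
        return None
    for mod in (posixpath, ntpath):
        vault = mod.normpath(VAULT_DIR)
        realm_dir = mod.normpath(mod.join(vault, realm))
        target = mod.normpath(mod.join(realm_dir, key))  # collapses '..' segments
        # The realm directory must sit inside the vault, and the target must be
        # a strict descendant of the realm directory, under this convention.
        if mod.commonpath([vault, realm_dir]) != vault:
            return None
        if target == realm_dir or mod.commonpath([realm_dir, target]) != realm_dir:
            return None
    return posixpath.join(VAULT_DIR, realm, key)
```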

Impact

Exploitation of this vulnerability could lead to unauthorized file access, allowing an administrator to read files outside the intended realm context.

Added: Sep 5, 2025, 8:32 PM
Updated: Sep 5, 2025, 8:32 PM

Vulnerability Rating

Custom Algorithm

  spread          5.2
  impact          2.5
  exploitability  5.0
  remediation     0.0
  relevance       0.4
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.