CVE-2025-12110

by Fred · 23/10/2025

A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.

More information : https://access.redhat.com/security/cve/CVE-2025-12110

CVE-2025-12110

Similar

Recent Posts

Categories

CVE-2025-12110

Share this:

Similar

Recent Posts

Categories

Tags