Home > Vulnerability Database > CVE-2025-12390

Mend.io Vulnerability Database

CVE-2025-12390

Good to know:

Date: October 28, 2025

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.

Severity Score

6.0

Related Resources (4)

Url: https://access.redhat.com/security/cve/CVE-2025-12390

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2406793

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12390

Url: https://www.mend.io/vulnerability-database/CVE-2025-12390

Severity Score

6.0

Weakness Type (CWE)

Session Fixation

CWE-384

CVSS v3.1

Base Score:	6.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12390

Good to know:

Date: October 28, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?