Vulnerability DatabaseCVE-2025-65073
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-65073
November 17, 2025
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
Affected Packages
keystone (PYTHON):
Affected version(s) =27.0.0.0rc1 <27.0.0
Fix Suggestion:
Update to version 27.0.0
keystone (PYTHON):
Affected version(s) =28.0.0.0rc1 <28.0.0
Fix Suggestion:
Update to version 28.0.0
Related ResourcesĀ (4)
https://nvd.nist.gov/vuln/detail/CVE-2025-65073
https://github.com/openstack/keystone
https://www.openwall.com/lists/oss-security/2025/11/04/2
http://www.openwall.com/lists/oss-security/2025/11/17/6
Do you need more information?
Contact Us
CVSS v4
Base Score:
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
HIGH
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Incorrect Authorization
CWE-863
EPSS
Base Score:
0.05