Description

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.

INFO

Published Date :

2025-08-06T17:10:02.560Z

Last Modified :

2026-01-08T02:59:54.153Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-8419 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
  • Keycloak
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8419.

URL Resource
https://access.redhat.com/errata/RHSA-2025:15336 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15337 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15338 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:15339 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-8419 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2385776 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-8419 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-8419 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact