CVE-2025-65073

Aliases:GHSA-hcqg-5g63-7j9h

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2025-65073 DLA-4367-1 DSA-6056-1 RHSA-2026:1958 UBUNTU-CVE-2025-65073 USN-7926-1

Deferred

Published: 17 Nov 2025, 00:00

Last modified:17 Nov 2025, 23:04

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Nov 2025, 00:00

Published

Vulnerability first disclosed

17 Nov 2025, 23:04

Last Modified

Vulnerability information updated

Description

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-863•Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Affected Systems

openstack•keystone
< 26.0.1 | 27.0.0 | 28.0.0
PyPI•keystone
< 26.0.1 | ≥ 27.0.0.0rc1, < 27.0.0 | ≥ 28.0.0.0rc1, < 28.0.0