OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.

GHSA-hcqg-5g63-7j9h · CVE-2025-65073

Published Nov 17, 2025 · Modified Nov 18, 2025

Description

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-65073
PACKAGE https://github.com/openstack/keystone
WEB https://www.openwall.com/lists/oss-security/2025/11/04/2
WEB http://www.openwall.com/lists/oss-security/2025/11/17/6

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes