CVE-2025-14083
LOW2.7EPSS 0.01%Keycloak Admin REST API exposes backend schema and rules
發布日:2026/1/21修改日:2026/4/2
描述
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.
受影響套件(1)
- Maven/org.keycloak:keycloak-servicesfrom 0, <= 26.2.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-14083
- PATCHhttps://github.com/keycloak/keycloak
- WEBhttps://access.redhat.com/errata/RHSA-2026:6477
- WEBhttps://access.redhat.com/errata/RHSA-2026:6478
- WEBhttps://access.redhat.com/security/cve/CVE-2025-14083
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2419086
- WEBhttps://github.com/keycloak/keycloak/issues/45493