CVE-2025-14083

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6478
https://access.redhat.com/security/cve/CVE-2025-14083
https://bugzilla.redhat.com/show_bug.cgi?id=2419086

Configurations

No configuration.

History

02 Apr 2026, 14:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:6477 - () https://access.redhat.com/errata/RHSA-2026:6478 -
Summary		(es) Se encontró una falla en la API REST de administración de Keycloak. Esta vulnerabilidad permite la exposición del esquema y las reglas del backend, lo que podría conducir a ataques dirigidos o a una escalada de privilegios mediante un control de acceso inadecuado.

21 Jan 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-21 13:16

Updated : 2026-06-17 08:35

NVD link : CVE-2025-14083

Mitre link : CVE-2025-14083

CVE.ORG link : CVE-2025-14083

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-14083", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-14083", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T14:22:19.962756Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "affected": [{"source": "secalert@redhat.com", "affectedData": [{"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4.11-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-14", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-14", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.11", "packageName": "keycloak-server", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}]}], "published": "2026-01-21T13:16:02.777", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:6477", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6478", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14083", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086", "source": "secalert@redhat.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la API REST de administraci\u00f3n de Keycloak. Esta vulnerabilidad permite la exposici\u00f3n del esquema y las reglas del backend, lo que podr\u00eda conducir a ataques dirigidos o a una escalada de privilegios mediante un control de acceso inadecuado."}], "lastModified": "2026-06-17T08:35:17.533", "sourceIdentifier": "secalert@redhat.com"}