CVE-2025-14083

{"id": "CVE-2025-14083", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2026-01-21T13:16:02.777", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-14083", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419086", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control."}], "lastModified": "2026-01-26T15:04:59.737", "sourceIdentifier": "secalert@redhat.com"}