CVE-2025-14083

Published: Jan 21, 2026Modified: Apr 2, 2026

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.2 / Impact: 1.4

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://access.redhat.com/errata/RHSA-2026:6477

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2026:6478

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2025-14083

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2419086

Source: secalert@redhat.com

Timeline

No history available yet.