CVE-2025-7784

Published: Jul 18, 2025Modified: May 6, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: secalert@redhat.com (Secondary)

Description

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.

Affected (1)

Products: Redhat: Build Of Keycloak

1 product

Build Of Keycloak

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Build Of Keycloak	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (5)

https://access.redhat.com/errata/RHSA-2025:12015

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2025:12016

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2025-7784

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2381861

Source: secalert@redhat.com

Issue Tracking

https://github.com/keycloak/keycloak/issues/39956

Source: secalert@redhat.com

Timeline

No history available yet.