Deserialization Vulnerability in Keycloak LDAP User Federation Provider
CVE-2025-13467
Severity: 5.5 (Medium)
Key Information:
- Vendor: Red Hat
- CVE Published: 25 November 2025
What is CVE-2025-13467?
A vulnerability has been identified in the Keycloak LDAP User Federation provider. An authenticated realm administrator who configures the provider against a malicious LDAP server can inadvertently cause Keycloak to deserialize untrusted Java objects supplied by that server. Deserialization of attacker-controlled data is a well-known route to code execution and other attacks against Java applications, so administrators should apply the vendor's patched builds and review each realm's LDAP user-federation configuration to confirm that every connection URL points at a directory server they control.
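The configuration review recommended above can be scripted against a realm export. The following Python is an added example, not Keycloak's or Red Hat's code: it assumes the realm-export layout in which user-federation providers sit under components["org.keycloak.storage.UserStorageProvider"] with providerId "ldap" and a config map whose values are lists of strings, and it reports any LDAP provider whose connectionUrl host is not on an operator-supplied allow-list. It goes slightly beyond the advisory by also flagging providers that use neither ldaps:// nor the startTls option, since without TLS the provider cannot verify which server it is actually talking to. The realm JSON embedded in the script is constructed sample data; the host names and component IDs in it are placeholders.

```python
"""Audit Keycloak LDAP user-federation components for unexpected servers.

Added example, not Keycloak's or Red Hat's code. Assumes the realm-export
layout: LDAP providers are entries under
components["org.keycloak.storage.UserStorageProvider"] with providerId "ldap"
and a config map whose values are lists of strings.
"""
import json
import sys
from urllib.parse import urlsplit

USER_STORAGE_KEY = "org.keycloak.storage.UserStorageProvider"

# Constructed sample realm export, trimmed to the fields the audit reads.
# Host names and IDs are placeholders, not real deployments.
SAMPLE_REALM = json.dumps({
    "realm": "corp",
    "components": {
        USER_STORAGE_KEY: [
            {"id": "a1", "name": "corp-ad", "providerId": "ldap",
             "config": {"connectionUrl": ["ldaps://ad.corp.example:636"],
                        "editMode": ["READ_ONLY"]}},
            {"id": "b2", "name": "legacy-ldap", "providerId": "ldap",
             "config": {"connectionUrl": ["ldap://ad.corp.example:389"]}},
            # A second, unexpected server added alongside the sanctioned one.
            {"id": "c3", "name": "hr-sync", "providerId": "ldap",
             "config": {"connectionUrl": ["ldaps://203.0.113.7:8636 ldaps://ad.corp.example"]}},
            {"id": "d4", "name": "kerb", "providerId": "kerberos",
             "config": {"kerberosRealm": ["CORP.EXAMPLE"]}},
        ]
    },
})


def ldap_providers(realm_json):
    """Return the LDAP user-storage components of a realm export (JSON text)."""
    realm = json.loads(realm_json)
    components = realm.get("components", {}).get(USER_STORAGE_KEY, [])
    return [c for c in components if c.get("providerId") == "ldap"]


def connection_urls(component):
    """All server URLs configured on one LDAP component.

    JNDI's provider URL may be a space-separated list of URLs, so one
    connectionUrl value can name several servers; each is audited separately.
    """
    urls = []
    for value in component.get("config", {}).get("connectionUrl", []):
        urls.extend(value.split())
    return urls


def audit(realm_json, allowed_hosts):
    """Return (provider name, url, reason) for every URL that fails a check."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for comp in ldap_providers(realm_json):
        cfg = comp.get("config", {})
        start_tls = (cfg.get("startTls") or ["false"])[0].lower() == "true"
        for url in connection_urls(comp):
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            if host not in allowed:
                findings.append((comp["name"], url, "host not on allow-list"))
            if parts.scheme.lower() != "ldaps" and not start_tls:
                findings.append((comp["name"], url, "no TLS (neither ldaps:// nor startTls)"))
    return findings


def main(argv):
    # Usage: audit_ldap_federation.py [realm-export.json] host [host ...]
    # With no arguments the embedded sample realm is audited.
    if argv and argv[0].endswith(".json"):
        with open(argv[0], encoding="utf-8") as fh:
            realm_json = fh.read()
        hosts = argv[1:]
    else:
        realm_json, hosts = SAMPLE_REALM, argv or ["ad.corp.example"]
    findings = audit(realm_json, hosts)
    for name, url, reason in findings:
        print(f"{name}: {url}: {reason}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against a real export (produced with `kc.sh export` or the admin REST API) and the list of directory hosts you actually operate; a non-zero exit means at least one provider talks to a server that is not on that list or does so without TLS. Any such provider is exactly the configuration this advisory warns about and should be removed or corrected before the patched build is rolled out.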
Affected Version(s)
Red Hat build of Keycloak 26.2 26.2.11-1
Red Hat build of Keycloak 26.2 26.2-12