Information Disclosure Vulnerability in Keycloak Admin REST API by Red Hat
CVE-2025-14082

2.7LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-14082?

A vulnerability exists in the Keycloak Admin REST API that compromises the security of sensitive role metadata. The flaw arises from inadequate authorization checks on the /admin/realms/{realm}/roles endpoint, allowing unauthorized users to access potentially sensitive information. This issue underscores the necessity for robust authentication mechanisms and careful validation within API endpoints to protect against unauthorized data exposure.

References

https://access.redhat.com/security/cve/CVE-2025-14082

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2419078

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Dec 5, 2025

Credit

Red Hat would like to thank Muhammad Usman for reporting this issue.

JSON