Access Control Flaw in Keycloak Admin REST API by Red Hat
CVE-2025-14083
2.7 LOW
What is CVE-2025-14083?
A vulnerability exists in the Keycloak Admin REST API: because of improper access control, the API may expose backend schema and configuration rules. This flaw could allow malicious actors to initiate targeted attacks or escalate privileges, compromising the security of the system. Organizations running affected versions of Keycloak should assess their exposure and consider applying mitigations to prevent unauthorized access.
CVSS v3.1
Score: 2.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability reserved
Credit
Red Hat would like to thank Muhammad Usman (HackerSSG) (securetackles) for reporting this issue.