Information Disclosure Vulnerability in Keycloak by Red Hat
CVE-2025-5416

2.7LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-5416?

A vulnerability has been identified in Keycloak that allows authenticated users to access the /admin/serverinfo endpoint, potentially exposing sensitive environment information. This unauthorized disclosure can lead to further security risks if exploited, highlighting the importance of controlling access to administrative endpoints and ensuring proper security measures are implemented.

References

https://access.redhat.com/security/cve/CVE-2025-5416

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2369601

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
May 31, 2025

Credit

Red Hat would like to thank Ibrahim Khorwat (Almadar Aljadid) and Murad Baggas (Almadar Aljadid) for reporting this issue.