CVE-2025-14083
LOW2.7EPSS 0.01%Keycloak Admin REST API exposes backend schema and rules
Published: 1/21/2026Modified: 4/2/2026
Also known as:GHSA-594w-2fwp-jwrc
Description
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.
Affected packages (1)
- Maven/org.keycloak:keycloak-servicesfrom 0, <= 26.2.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-14083
- PATCHhttps://github.com/keycloak/keycloak
- WEBhttps://access.redhat.com/errata/RHSA-2026:6477
- WEBhttps://access.redhat.com/errata/RHSA-2026:6478
- WEBhttps://access.redhat.com/security/cve/CVE-2025-14083
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2419086
- WEBhttps://github.com/keycloak/keycloak/issues/45493