CVE-2025-14082: Improper Access Control in Red Hat Red Hat build of Keycloak 26.4
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
AI Analysis
Technical Summary
This vulnerability in Red Hat build of Keycloak 26.4 arises from insufficient authorization checks in the Admin REST API endpoint /admin/realms/{realm}/roles. It allows an attacker with high privileges to access sensitive role metadata information that should otherwise be protected. The CVSS 3.1 base score is 2.7, reflecting a low severity impact limited to confidentiality with no impact on integrity or availability. Red Hat has released Keycloak 26.4.11 packages and updated container images that include fixes for this issue among others. The vendor advisory recommends applying these updates after backing up existing installations.
Potential Impact
The vulnerability allows information disclosure of sensitive role metadata via improper access control in the Admin REST API. Exploitation requires high privileges, limiting the scope of impact. There is no impact on data integrity or service availability. No known exploits are reported in the wild. The overall severity is low.
Mitigation Recommendations
Red Hat has released fixed packages and updated container images for Red Hat build of Keycloak 26.4.11 that address CVE-2025-14082. Users should back up their existing installations, including configurations and databases, before applying the update. Applying the official update from Red Hat Customer Portal is the recommended remediation. There is no indication that this vulnerability is mitigated by default or requires no action.
CVE-2025-14082: Improper Access Control in Red Hat Red Hat build of Keycloak 26.4
Description
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Red Hat build of Keycloak 26.4 arises from insufficient authorization checks in the Admin REST API endpoint /admin/realms/{realm}/roles. It allows an attacker with high privileges to access sensitive role metadata information that should otherwise be protected. The CVSS 3.1 base score is 2.7, reflecting a low severity impact limited to confidentiality with no impact on integrity or availability. Red Hat has released Keycloak 26.4.11 packages and updated container images that include fixes for this issue among others. The vendor advisory recommends applying these updates after backing up existing installations.
Potential Impact
The vulnerability allows information disclosure of sensitive role metadata via improper access control in the Admin REST API. Exploitation requires high privileges, limiting the scope of impact. There is no impact on data integrity or service availability. No known exploits are reported in the wild. The overall severity is low.
Mitigation Recommendations
Red Hat has released fixed packages and updated container images for Red Hat build of Keycloak 26.4.11 that address CVE-2025-14082. Users should back up their existing installations, including configurations and databases, before applying the update. Applying the official update from Red Hat Customer Portal is the recommended remediation. There is no indication that this vulnerability is mitigated by default or requires no action.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2025-12-05T05:32:13.023Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2026:6477","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:6478","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-14082","vendor":"Red Hat"}]
Threat ID: 69393d10fd479f45ea600bd4
Added to database: 12/10/2025, 9:27:44 AM
Last enriched: 4/20/2026, 5:35:49 AM
Last updated: 5/8/2026, 2:27:08 PM
Views: 392
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.