CVE-2025-7784: Improper Privilege Management
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
AI Analysis
Technical Summary
This vulnerability affects Red Hat build of Keycloak 26.2.x when FGAPv2 is enabled. An administrative user who holds the manage-users role (a client role of the realm-management client) can escalate to realm-admin because the Keycloak Admin Console does not enforce the intended privilege boundary, defeating the separation of administrative duties that fine-grained admin permissions exist to provide. Red Hat has published security advisories RHSA-2025:12015 and RHSA-2025:12016 and released Keycloak 26.2.6 packages and container images that fix the issue. The CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N (base score 6.5, Medium on the CVSS qualitative scale): network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, high confidentiality and integrity impact, no availability impact. PR:H is the qualifier that matters for triage: the attacker must already authenticate with an account that holds manage-users, so the realistic threat is a delegated administrator (a help-desk or user-management role) acting beyond their mandate, or an attacker who has compromised such an account.
Potential Impact
Successful exploitation lets a delegated administrator holding only manage-users obtain realm-admin, the composite role that carries every realm-management permission. From there the attacker controls the realm's configuration, including clients and their secrets, identity providers, roles, groups, user credentials and sessions, so the confidentiality and integrity of every application that trusts the realm are affected, not just user records. Availability is not directly impacted. There are no reports of exploitation in the wild at the time of writing.
Mitigation Recommendations
Red Hat has released Keycloak version 26.2.6, which fixes this vulnerability; update to it as soon as possible. Before applying the update, back up the existing installation, including applications, configuration files and the database. For containerized deployments on OpenShift, updated images are also available. The vendor advisory indicates no additional mitigation steps. Practical checks a practitioner should still make before and after the upgrade: confirm the running version is 26.2.6 or later; because the flaw exists only when FGAPv2 is enabled, a deployment that has not turned the feature on is not exposed to this issue, while one that has should treat every holder of manage-users as able to reach realm-admin until patched; inventory who holds manage-users, whether directly, through groups or through composite roles, and keep that list short; and review admin events for realm-admin role mappings created by accounts that did not already hold realm-admin.
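The checks described above can be scripted. The block below is an added example, not Keycloak's or Red Hat's code: it compares a server version against the fixed release named in the advisory, lists direct holders of manage-users and realm-admin from a realm export, and scans admin-event records for newly created realm-admin mappings (the outcome the page describes; the specific escalation request is not published, so the detector keys on the result rather than the request). It assumes the realm-export layout users[].clientRoles["realm-management"], the admin-event fields operationType, resourceType, resourcePath, representation and authDetails as Keycloak's AdminEventRepresentation exposes them, and that a realm's FGAPv2 toggle appears as adminPermissionsEnabled in the export. The sample export and events are constructed, with made-up usernames and identifiers.

```python
"""Exposure and detection checks for CVE-2025-7784 (Keycloak FGAPv2 privilege
escalation). Added example, not Keycloak's or Red Hat's code. Works offline on
a realm export and on admin-event records; all sample data below is constructed."""
import json
import re

FIXED = (26, 2, 6)               # first fixed release named in the advisory
REALM_MGMT = "realm-management"  # client whose roles carry admin permissions
TARGET_ROLE = "realm-admin"      # role the attacker ends up with
STEPPING_STONE = "manage-users"  # role the attacker starts from


def parse_version(version: str) -> tuple:
    """'26.2.5' or '26.2.6.redhat-00001' -> (26, 2, 5) / (26, 2, 6)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Keycloak version: {version!r}")
    return tuple(int(p) for p in m.groups())


def vulnerable_per_advisory(version: str):
    """True for 26.2.0 to 26.2.5, False for 26.2.6 and later on the 26.2 line.
    The page only names 26.2.x, so any other line returns None: check the
    vendor advisory rather than guessing."""
    major, minor, patch = parse_version(version)
    if (major, minor) != FIXED[:2]:
        return None
    return (major, minor, patch) < FIXED


def direct_client_role_holders(realm_export: dict, client_id: str, role: str) -> set:
    """Usernames with a *direct* mapping of client role `role`. Realm exports
    keep these under users[].clientRoles[client_id]. Roles inherited through
    groups or composites are not expanded here; for effective roles query
    /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/composite."""
    return {
        u["username"]
        for u in realm_export.get("users", [])
        if role in u.get("clientRoles", {}).get(client_id, [])
    }


def audit_realm(realm_export: dict, server_version: str) -> dict:
    """Summarise exposure: version status, whether FGAPv2 is on for the realm,
    and who holds the stepping-stone and target roles."""
    return {
        "version_vulnerable": vulnerable_per_advisory(server_version),
        # Assumption: the realm-level FGAPv2 toggle is exported as
        # `adminPermissionsEnabled`; verify against your own export.
        "fgap_v2_enabled": bool(realm_export.get("adminPermissionsEnabled", False)),
        "manage_users": sorted(direct_client_role_holders(realm_export, REALM_MGMT, STEPPING_STONE)),
        "realm_admin": sorted(direct_client_role_holders(realm_export, REALM_MGMT, TARGET_ROLE)),
    }


def suspicious_realm_admin_grants(admin_events: list) -> list:
    """Flag admin events that add the realm-admin client role to a user.
    Field shape assumed from Keycloak's AdminEventRepresentation:
    operationType, resourceType, resourcePath, representation (JSON string,
    only present when 'include representation' is enabled), authDetails."""
    findings = []
    for ev in admin_events:
        if ev.get("operationType") != "CREATE" or ev.get("resourceType") != "CLIENT_ROLE_MAPPING":
            continue
        try:
            roles = json.loads(ev.get("representation") or "[]")
        except json.JSONDecodeError:
            roles = []
        if not any(r.get("name") == TARGET_ROLE for r in roles):
            continue
        actor = ev.get("authDetails", {}).get("userId")
        path = ev.get("resourcePath", "")
        findings.append({
            "time": ev.get("time"),
            "actor": actor,
            "resourcePath": path,
            # An account granting realm-admin to itself is the clearest signal.
            "self_grant": path.startswith(f"users/{actor}/"),
        })
    return findings


# --- constructed sample data (made-up usernames and identifiers) ---
SAMPLE_EXPORT = {
    "realm": "acme",
    "adminPermissionsEnabled": True,
    "users": [
        {"username": "helpdesk", "clientRoles": {REALM_MGMT: ["manage-users", "view-users"]}},
        {"username": "ops-admin", "clientRoles": {REALM_MGMT: ["realm-admin"]}},
        {"username": "alice", "clientRoles": {}},
    ],
}
SAMPLE_EVENTS = [
    {"time": 1, "operationType": "CREATE", "resourceType": "CLIENT_ROLE_MAPPING",
     "resourcePath": "users/u-helpdesk/role-mappings/clients/c-realm-mgmt",
     "representation": json.dumps([{"name": "realm-admin"}]),
     "authDetails": {"userId": "u-helpdesk", "ipAddress": "10.0.0.5"}},
    {"time": 2, "operationType": "CREATE", "resourceType": "CLIENT_ROLE_MAPPING",
     "resourcePath": "users/u-alice/role-mappings/clients/c-realm-mgmt",
     "representation": json.dumps([{"name": "view-users"}]),
     "authDetails": {"userId": "u-helpdesk", "ipAddress": "10.0.0.5"}},
]

if __name__ == "__main__":
    print(json.dumps(audit_realm(SAMPLE_EXPORT, "26.2.5"), indent=2))
    print(json.dumps(suspicious_realm_admin_grants(SAMPLE_EVENTS), indent=2))
```

Feed `audit_realm` a real export produced with `kc.sh export --file realm.json --realm <realm>`, and `suspicious_realm_admin_grants` the records returned by `GET /admin/realms/{realm}/admin-events`; the `representation` field, which the scan needs to see which role was granted, is only populated when admin events are saved with "include representation" enabled in the realm's event settings. Because the export audit only sees direct mappings, treat an empty manage-users list as a prompt to also check group and composite role mappings, not as proof that nobody holds the role.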
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-07-18T06:05:57.305Z
- CVSS Version: 3.1
- State: PUBLISHED
- Vendor Advisory URLs (Red Hat):
  - https://access.redhat.com/errata/RHSA-2025:12015
  - https://access.redhat.com/errata/RHSA-2025:12016
  - https://access.redhat.com/security/cve/CVE-2025-7784
Threat ID: 687a53a7a83201eaacf41efa
Added to database: 7/18/2025, 2:01:11 PM
Last enriched: 5/7/2026, 1:45:41 AM
Last updated: 5/9/2026, 8:09:46 PM