Red Hat Security Advisory: Red Hat build of Keycloak 26.0.13 Images Update
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.0.13 clusters. This erratum releases new images for Red Hat build of Keycloak 26.0.13 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Phishing attack via email verification step in first login flow
AI Analysis
Technical Summary
This advisory covers two security vulnerabilities in Red Hat's build of Keycloak 26.2.6 images for OpenShift. CVE-2025-7365 involves a phishing attack vector exploiting the email verification step during the first login flow, categorized under CWE-346 (Origin Validation Error). CVE-2025-7784 is a privilege escalation vulnerability in the Keycloak Admin Console when FGAPv2 is enabled, related to CWE-269 (Improper Privilege Management). Red Hat has released updated container images to address these issues, intended for use in on-premise or private cloud OpenShift deployments. The advisory does not specify affected version ranges but aligns with the 26.2.6 release. No CVSS scores are provided. The vulnerabilities impact authentication and administrative functions, potentially allowing phishing attacks and unauthorized privilege escalation.
Potential Impact
The phishing vulnerability (CVE-2025-7365) could allow attackers to exploit the email verification step in the first login flow, potentially deceiving users and compromising authentication processes. The privilege escalation vulnerability (CVE-2025-7784) could allow an attacker with access to the Keycloak Admin Console to gain elevated privileges when FGAPv2 is enabled, potentially leading to unauthorized administrative actions. Both vulnerabilities affect the security posture of the authentication server and user management capabilities within the affected Keycloak deployment.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 26.2.6 that address these vulnerabilities. Users should apply these updated images as provided by Red Hat. Before updating, it is recommended to back up existing installations, including applications, configuration files, and databases. Since this is not a cloud service, remediation is managed by the user applying the updated images. Patch status is confirmed by the vendor advisory indicating new images are available. No additional mitigation steps are specified by Red Hat.
Red Hat Security Advisory: Red Hat build of Keycloak 26.0.13 Images Update
Description
Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.0.13 clusters. This erratum releases new images for Red Hat build of Keycloak 26.0.13 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Phishing attack via email verification step in first login flow
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security vulnerabilities in Red Hat's build of Keycloak 26.2.6 images for OpenShift. CVE-2025-7365 involves a phishing attack vector exploiting the email verification step during the first login flow, categorized under CWE-346 (Origin Validation Error). CVE-2025-7784 is a privilege escalation vulnerability in the Keycloak Admin Console when FGAPv2 is enabled, related to CWE-269 (Improper Privilege Management). Red Hat has released updated container images to address these issues, intended for use in on-premise or private cloud OpenShift deployments. The advisory does not specify affected version ranges but aligns with the 26.2.6 release. No CVSS scores are provided. The vulnerabilities impact authentication and administrative functions, potentially allowing phishing attacks and unauthorized privilege escalation.
Potential Impact
The phishing vulnerability (CVE-2025-7365) could allow attackers to exploit the email verification step in the first login flow, potentially deceiving users and compromising authentication processes. The privilege escalation vulnerability (CVE-2025-7784) could allow an attacker with access to the Keycloak Admin Console to gain elevated privileges when FGAPv2 is enabled, potentially leading to unauthorized administrative actions. Both vulnerabilities affect the security posture of the authentication server and user management capabilities within the affected Keycloak deployment.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 26.2.6 that address these vulnerabilities. Users should apply these updated images as provided by Red Hat. Before updating, it is recommended to back up existing installations, including applications, configuration files, and databases. Since this is not a cloud service, remediation is managed by the user applying the updated images. Patch status is confirmed by the vendor advisory indicating new images are available. No additional mitigation steps are specified by Red Hat.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:12016
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-7784"]
- Cvss Version
- null
Threat ID: 6a3c0cf1eed863c81e2392b3
Added to database: 06/24/2026, 16:59:29 UTC
Last enriched: 06/24/2026, 17:05:11 UTC
Last updated: 07/01/2026, 11:51:10 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.