Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.2%top 87%

Red Hat Security Advisory: Red Hat build of Keycloak 26.0.13 Images Update

0
Medium
Published: 07/28/2025 (07/28/2025, 16:45:24 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.0.13 clusters. This erratum releases new images for Red Hat build of Keycloak 26.0.13 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security fixes: * Phishing attack via email verification step in first login flow

Affected software

Affected versions
Red HatRed Hat build of KeycloakRed Hat build of Keycloak 26.0ppc64lerhbk/keycloak-rhel9@sha256:7851520291345ab2fe693ba86cfab7a4c4333d1b10526585f49a8ebf1a77f8b6_ppc64le

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/24/2026, 17:05:11 UTC

Technical Analysis

This advisory covers two security vulnerabilities in Red Hat's build of Keycloak 26.2.6 images for OpenShift. CVE-2025-7365 involves a phishing attack vector exploiting the email verification step during the first login flow, categorized under CWE-346 (Origin Validation Error). CVE-2025-7784 is a privilege escalation vulnerability in the Keycloak Admin Console when FGAPv2 is enabled, related to CWE-269 (Improper Privilege Management). Red Hat has released updated container images to address these issues, intended for use in on-premise or private cloud OpenShift deployments. The advisory does not specify affected version ranges but aligns with the 26.2.6 release. No CVSS scores are provided. The vulnerabilities impact authentication and administrative functions, potentially allowing phishing attacks and unauthorized privilege escalation.

Potential Impact

The phishing vulnerability (CVE-2025-7365) could allow attackers to exploit the email verification step in the first login flow, potentially deceiving users and compromising authentication processes. The privilege escalation vulnerability (CVE-2025-7784) could allow an attacker with access to the Keycloak Admin Console to gain elevated privileges when FGAPv2 is enabled, potentially leading to unauthorized administrative actions. Both vulnerabilities affect the security posture of the authentication server and user management capabilities within the affected Keycloak deployment.

Mitigation Recommendations

Red Hat has released updated container images for Keycloak 26.2.6 that address these vulnerabilities. Users should apply these updated images as provided by Red Hat. Before updating, it is recommended to back up existing installations, including applications, configuration files, and databases. Since this is not a cloud service, remediation is managed by the user applying the updated images. Patch status is confirmed by the vendor advisory indicating new images are available. No additional mitigation steps are specified by Red Hat.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2025:12016
Cve Count
2
Additional Cves
["CVE-2025-7784"]
Cvss Version
null

Threat ID: 6a3c0cf1eed863c81e2392b3

Added to database: 06/24/2026, 16:59:29 UTC

Last enriched: 06/24/2026, 17:05:11 UTC

Last updated: 07/01/2026, 11:51:10 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses