Low severity (2.7) · GHSA Advisory · Published Dec 10, 2025 · Updated Apr 15, 2026
CVE-2025-14082
Description
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | < 26.5.0 | 26.5.0 |
Affected products
17 entries

- osv-coords, 16 versions (< 26.2.5-r7 + 15 more):
  - pkg:apk/chainguard/keycloak-26.2
  - pkg:apk/chainguard/keycloak-26.2-compat
  - pkg:apk/chainguard/keycloak-26.3-compat
  - pkg:apk/chainguard/keycloak-26.4-compat
  - pkg:apk/chainguard/keycloak-26.4-operator
  - pkg:apk/chainguard/keycloak-26.4-operator-compat
  - pkg:apk/chainguard/keycloak-fips-26.2
  - pkg:apk/chainguard/keycloak-fips-26.3-operator
  - pkg:apk/chainguard/keycloak-fips-26.3-operator-compat
  - pkg:apk/chainguard/keycloak-fips-26.4-operator
  - pkg:apk/chainguard/keycloak-fips-26.4-operator-compat
  - pkg:apk/wolfi/keycloak-26.3-compat
  - pkg:apk/wolfi/keycloak-26.4-compat
  - pkg:apk/wolfi/keycloak-26.4-operator
  - pkg:apk/wolfi/keycloak-26.4-operator-compat
  - pkg:maven/org.keycloak/keycloak-services
- (no CPE) range: < 26.2.5-r7
- (no CPE) range: < 26.2.5-r7
- (no CPE) range: < 26.3.5-r4
- (no CPE) range: < 26.4.7-r0
- (no CPE) range: < 26.4.7-r0
- (no CPE) range: < 26.4.7-r0
- (no CPE) range: < 26.2.5-r9
- (no CPE) range: < 26.3.5-r5
- (no CPE) range: < 26.3.5-r5
- (no CPE) range: < 26.4.7-r12
- (no CPE) range: < 26.4.7-r12
- (no CPE) range: < 26.3.5-r4
- (no CPE) range: < 26.4.7-r0
- (no CPE) range: < 26.4.7-r0
- (no CPE) range: < 26.4.7-r0
- (no CPE) range: < 26.5.0
References (7)
- github.com/advisories/GHSA-6q37-7866-h27j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-14082 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2026:6477 (nvd, WEB)
- access.redhat.com/errata/RHSA-2026:6478 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2025-14082 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371 (ghsa, WEB)