Medium severity (6.5) · NVD Advisory · Published Jul 18, 2025 · Updated May 6, 2026
CVE-2025-7784
Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user holding only the manage-users role can escalate their privileges to realm-admin because of improper privilege enforcement. This allows an unauthorized elevation of access rights, breaking the intended separation of administrative duties and posing a security risk to the realm.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | >= 26.2.0, < 26.2.6 | 26.2.6 |
Affected products
- cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- access.redhat.com/errata/RHSA-2025:12015 (NVD, Vendor Advisory)
- access.redhat.com/errata/RHSA-2025:12016 (NVD, Vendor Advisory)
- access.redhat.com/security/cve/CVE-2025-7784 (NVD, Vendor Advisory)
- github.com/advisories/GHSA-27gp-8389-hm4w (GHSA, Advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-7784 (GHSA, Advisory)
- bugzilla.redhat.com/show_bug.cgi (NVD, Issue Tracking)
- github.com/keycloak/keycloak/issues/41137 (GHSA)
- github.com/keycloak/keycloak/pull/41168 (GHSA)
- github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w (GHSA)
- github.com/keycloak/keycloak/issues/39956 (NVD)
News mentions
No linked articles in our index yet.