CVE-2025-14082
Severity CVSS v4.0:
Pending analysis
Type:
CWE-284
Improper Access Control
Publication date:
10/12/2025
Last modified:
15/04/2026
Description
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
Impact
Base Score 3.x
2.70
Severity 3.x
LOW