CVE-2025-5416

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-5416	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2369601	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*

History

13 Aug 2025, 13:44

Type	Values Removed	Values Added
First Time		Redhat Redhat keycloak
References	~~() https://access.redhat.com/security/cve/CVE-2025-5416 -~~	() https://access.redhat.com/security/cve/CVE-2025-5416 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2369601 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2369601 - Issue Tracking, Vendor Advisory
CPE		cpe:2.3:a:redhat:keycloak:-:::::::*

23 Jun 2025, 20:16

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en Keycloak que podría provocar la divulgación no autorizada de información. Si bien requiere un usuario ya autenticado, el endpoint /admin/serverinfo puede proporcionar inadvertidamente información confidencial del entorno.

20 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-20 16:15

Updated : 2025-08-13 13:44

NVD link : CVE-2025-5416

Mitre link : CVE-2025-5416

CVE.ORG link : CVE-2025-5416

JSON object : View

Products Affected

redhat

keycloak

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2025-5416", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2025-06-20T16:15:29.553", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-5416", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369601", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Keycloak que podr\u00eda provocar la divulgaci\u00f3n no autorizada de informaci\u00f3n. Si bien requiere un usuario ya autenticado, el endpoint /admin/serverinfo puede proporcionar inadvertidamente informaci\u00f3n confidencial del entorno."}], "lastModified": "2025-08-13T13:44:11.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}