CNNVD-202508-2603 Information

CNNVD ID

CNNVD-202508-2603

CVE-2025-9162

  • CNNVD Published: 2025-08-21

Description (Chinese)

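Keycloak is an open-source identity and access management solution released as open source by Keycloak. Keycloak contains a security vulnerability that stems from the possibility of malicious content being injected during placeholder substitution, which may lead to injection attacks.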

Description (English)

Keycloak is an open-source identity and access management solution from the Keycloak project. Keycloak has a security vulnerability: malicious content may be injected during placeholder replacement, which could lead to an injection attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Keycloak

Published

2025-08-21

Last Modified

2026-02-24

References

  • https://bugzilla.redhat.com/show_bug.cgi?id=2389396
  • https://access.redhat.com/security/cve/CVE-2025-9162
  • https://nvd.nist.gov/vuln/detail/CVE-2025-9162
  • https://vigilance.fr/vulnerability/Keycloak-information-disclosure-via-Imports-Variable-Resolution-48420

Patch

https://github.com/keycloak/keycloak/releases
