CNNVD-202512-2003 Information

CNNVD ID

CNNVD-202512-2003

Related CVE

CVE-2025-14082

• CNNVD Published: 2025-12-10

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在访问控制错误漏洞，该漏洞源于授权检查不足，可能导致敏感角色元数据泄露。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a bug in access control in Keycloak, which stems from inadequate authorization checks and may lead to the disclosure of metadata on sensitive roles.

Hazard Level

Critical

Vulnerability Type

访问控制错误

Affected Vendor

Keycloak

Published

2025-12-10

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-14082 https://bugzilla.redhat.com/show_bug.cgi?id=2419078