A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
Fixes

Solution

No solution given by the vendor.


Workaround

Currently, no mitigation is available for this vulnerability.

History

Wed, 13 Aug 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat keycloak
CPEs cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
Vendors & Products Redhat keycloak

Fri, 20 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
Title keycloak-core: Keycloak Environment Information Keycloak-core: keycloak environment information
First Time appeared Redhat
Redhat build Keycloak
CPEs cpe:/a:redhat:build_keycloak:
Vendors & Products Redhat
Redhat build Keycloak
References

Fri, 20 Jun 2025 02:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title keycloak-core: Keycloak Environment Information
Weaknesses CWE-497
References
Metrics threat_severity

None

cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-13T13:52:15.716Z

Reserved: 2025-05-31T22:31:34.145Z

Link: CVE-2025-5416

cve-icon Vulnrichment

Updated: 2025-06-20T17:19:36.621Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-20T16:15:29.553

Modified: 2025-08-13T13:44:11.040

Link: CVE-2025-5416

cve-icon Redhat

Severity : Low

Publid Date: 2025-06-19T03:46:39Z

Links: CVE-2025-5416 - Bugzilla

cve-icon OpenCVE Enrichment

No data.