Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Mon, 11 Aug 2025 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Redhat build Of Keycloak | |
CPEs | cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:* | |
Vendors & Products | Redhat build Of Keycloak |
Tue, 29 Jul 2025 10:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:build_keycloak:26.2::el9 | |
References | |
Fri, 18 Jul 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Fri, 18 Jul 2025 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm. |
Title | org.keycloak/keycloak-services: Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled) | Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled) |
First Time appeared | Redhat, Redhat build Keycloak, Redhat jboss Enterprise Application Platform, Redhat jbosseapxp, Redhat red Hat Single Sign On | |
CPEs | cpe:/a:redhat:build_keycloak: cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 | |
Vendors & Products | Redhat, Redhat build Keycloak, Redhat jboss Enterprise Application Platform, Redhat jbosseapxp, Redhat red Hat Single Sign On | |
References | |
Fri, 18 Jul 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | org.keycloak/keycloak-services: Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled) | |
Weaknesses | CWE-269 | |
References | | |
Metrics | threat_severity | cvssV3_1 |

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-07-29T10:19:02.221Z
Reserved: 2025-07-18T06:05:57.305Z
Link: CVE-2025-7784

Updated: 2025-07-18T14:54:27.368Z

Status: Analyzed
Published: 2025-07-18T14:15:26.983
Modified: 2025-08-11T19:16:40.103
Link: CVE-2025-7784

