CVE-2025-9162 - Vulnerability Details

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process
allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Build Keycloak

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:15336
https://access.redhat.com/errata/RHSA-2025:15337
https://access.redhat.com/errata/RHSA-2025:15338
https://access.redhat.com/errata/RHSA-2025:15339
https://access.redhat.com/errata/RHSA-2025:16399
https://access.redhat.com/errata/RHSA-2025:16400
https://access.redhat.com/security/cve/CVE-2025-9162
https://bugzilla.redhat.com/show_bug.cgi?id=2389396
https://nvd.nist.gov/vuln/detail/CVE-2025-9162
https://www.cve.org/CVERecord?id=CVE-2025-9162

History

Mon, 22 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:16399

Mon, 22 Sep 2025 15:45:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHSA-2025:16400

Thu, 04 Sep 2025 15:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:build_keycloak:~~	cpe:/a:redhat:build_keycloak:26.0 cpe:/a:redhat:build_keycloak:26.0::el9 cpe:/a:redhat:build_keycloak:26.2 cpe:/a:redhat:build_keycloak:26.2::el9
References		https://access.redhat.com/errata/RHSA-2025:15336 https://access.redhat.com/errata/RHSA-2025:15337 https://access.redhat.com/errata/RHSA-2025:15338 https://access.redhat.com/errata/RHSA-2025:15339

Thu, 21 Aug 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 21 Aug 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment.
Title	org.keycloak/keycloak-model-storage-service: Variable injection into environment variables	Org.keycloak/keycloak-model-storage-service: variable injection into environment variables
First Time appeared		Redhat Redhat build Keycloak
CPEs		cpe:/a:redhat:build_keycloak:
Vendors & Products		Redhat Redhat build Keycloak
References		https://access.redhat.com/security/cve/CVE-2025-9162 https://bugzilla.redhat.com/show_bug.cgi?id=2389396

Wed, 20 Aug 2025 00:30:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		org.keycloak/keycloak-model-storage-service: Variable injection into environment variables
Weaknesses		CWE-526
References		https://nvd.nist.gov/vuln/detail/CVE-2025-9162 https://www.cve.org/CVERecord?id=CVE-2025-9162
Metrics	threat_severity `None`	cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}` threat_severity `Moderate`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-08-21T15:40:25.136Z

Updated: 2025-09-22T16:03:47.359Z

Reserved: 2025-08-19T13:11:49.675Z

Link: CVE-2025-9162

Vulnrichment

Updated: 2025-08-21T19:59:14.033Z

NVD

Status : Awaiting Analysis

Published: 2025-08-21T16:15:35.067

Modified: 2025-09-22T16:15:46.420

Link: CVE-2025-9162

Redhat

Severity : Moderate

Publid Date: 2025-08-19T00:00:00Z

Links: CVE-2025-9162 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object