CVE-2025-5416
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-08-13
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | keycloak | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5416 is an information disclosure vulnerability in the Red Hat build of Keycloak. It occurs because the /admin/serverinfo endpoint exposes sensitive internal server details. Although direct access to this endpoint by an authenticated user returns a 401 Unauthorized error, the user's browser automatically sends a request to this endpoint when logging in or accessing the admin console. This response contains sensitive environment information that can be viewed through browser developer tools or HTTP proxies, allowing any authenticated user to unintentionally access internal server details. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive internal server information to any authenticated user. Such information exposure could potentially aid attackers or malicious insiders in understanding the server environment, which might be leveraged for further attacks or exploitation. However, the vulnerability has a low severity rating and does not directly impact system integrity or availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests made by authenticated users to the /admin/serverinfo endpoint. You can use browser developer tools or HTTP proxy tools to inspect if responses from this endpoint contain sensitive server information. On the network, you can use tools like curl or wget with an authenticated session to request the /admin/serverinfo endpoint and observe the response. For example, using curl: curl -b cookies.txt https://<keycloak-server>/admin/serverinfo -v. Additionally, network traffic capture tools like tcpdump or Wireshark can be used to capture and analyze HTTP traffic for responses containing sensitive data from this endpoint. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /admin/serverinfo endpoint to only highly trusted users, monitoring and auditing authenticated user access to this endpoint, and educating users about the risk of exposing sensitive information through browser developer tools or HTTP proxies. Applying any available patches or updates from Red Hat or Keycloak that address this vulnerability is also recommended. Additionally, consider network-level controls to limit exposure of the admin console and its endpoints. [1]