CVE-2025-9162
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-09-22
Assigner: Red Hat, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | keycloak | 26.0.15 |
| redhat | keycloak | 26.2.8 |
| redhat | keycloak | 26.2.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-526 | The product uses an environment variable to store unencrypted sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the KeycloakRealmImport custom resource of org.keycloak/keycloak-model-storage-service. It involves the substitution of placeholders within imported realm documents, which can reference environment variables. This substitution process is flawed and allows attackers to perform injection attacks by crafting malicious realm documents that are processed during the realm import procedure.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can inject malicious content during the realm import process in Keycloak. This can lead to unintended consequences within the Keycloak environment, potentially compromising the security or integrity of the system.