CVE-2025-7784

MEDIUM

Red Hat build of Keycloak - Privilege Escalation via Fine-Grained Admin Permissions

Title source: llm
STIX 2.1

Description

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:12015
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:12016
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-7784
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2381861

Scores

CVSS v3 6.5
EPSS 0.0009
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (8)
org.keycloak/keycloak-services 26.2.0 - 26.2.6Maven
Red Hat/Red Hat build of Keycloak 26
Red Hat/Red Hat build of Keycloak 26.2 26.2-6
Red Hat/Red Hat build of Keycloak 26.2 26.2.6-1
Red Hat/Red Hat JBoss Enterprise Application Platform 8
Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat/Red Hat Single Sign-On 7
redhat/build_of_keycloak
Published Jul 18, 2025
Tracked Since Feb 18, 2026