CVE-2025-14082

Name of the Vulnerable Software and Affected Versions Keycloak versions (affected versions not specified)

Description A flaw exists in the Keycloak Admin REST API. This issue allows for the disclosure of sensitive role metadata due to inadequate authorization checks. The vulnerability is present on the /admin/realms/{realm}/roles API endpoint, where an attacker can potentially access role metadata without proper authorization. The vulnerable parameter is realm.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.