CVE Details
Basic Information
| Title | Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled) |
|---|---|
| Type | cve |
| Published | 2025-07-18T13:48:45.713Z |
| Modified | 2025-07-18T14:56:11.472Z |
Product Information
| Vendor | Red Hat |
|---|---|
| Product | Red Hat Build of Keycloak |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
AI Analysis
| AI Description | A privilege escalation flaw in Keycloak’s admin console when FGAPv2 is enabled allows users with manage-users role to elevate to realm-admin, compromising administrative separation and posing security risks. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Red Hat |
| AI Product | Keycloak |
Additional Information
| CWE List | CWE-269 |
|---|---|
| Source | redhat |
Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.