CVE-2025-5416

Summary

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

Workarounds

Currently, no mitigation is available for this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References