CVE-2025-7784

Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

CVSS 6.5 MEDIUMEPSS 0.4%CWE-269

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected products

keycloakRed Hat · Red Hat build of Keycloak 26 Red Hat · Red Hat build of Keycloak 26.2 Red Hat · Red Hat JBoss Enterprise Application Platform 8 Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack Red Hat · Red Hat Single Sign-On 7

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2025:12015 https://access.redhat.com/errata/RHSA-2025:12016 https://access.redhat.com/security/cve/CVE-2025-7784 https://bugzilla.redhat.com/show_bug.cgi?id=2381861 https://github.com/keycloak/keycloak/issues/39956