CVE-2025-14559 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading…
Medium CVSS: 6.5

CVE-2025-14559

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.
Vendor
-
Product
-
CWE
CWE-840
Yayın Tarihi
2026-01-21 07:16:00
Güncelleme
2026-02-10 02:15:51
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-840 MEDIUM 2026

Referanslar

https://access.redhat.com/errata/RHSA-2026:2365 https://access.redhat.com/errata/RHSA-2026:2366 https://access.redhat.com/security/cve/CVE-2025-14559 https://bugzilla.redhat.com/show_bug.cgi?id=2421711