CVE-2025-9162
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment.
Vendor
-
Product
-
CWE
Published Date
2025-08-21 16:15:35
Updated
2025-09-22 16:15:46
Source Identifier
secalert@redhat.com
KEV Date Added
-
Categories
References
https://access.redhat.com/errata/RHSA-2025:15336
https://access.redhat.com/errata/RHSA-2025:15337
https://access.redhat.com/errata/RHSA-2025:15338
https://access.redhat.com/errata/RHSA-2025:15339
https://access.redhat.com/errata/RHSA-2025:16399
https://access.redhat.com/errata/RHSA-2025:16400
https://access.redhat.com/security/cve/CVE-2025-9162
https://bugzilla.redhat.com/show_bug.cgi?id=2389396