4 matches found
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the /admin/serverinfo endpoint...
CVE-2025-5416
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information...
PT-2025-26440 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A vulnerability has been identified that could lead to unauthorized information disclosure. It requires an already authenticated user and can inadvertently provide sensitive environment...
Red Hat build of Keycloak security vulnerability
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...