EUVD-2025-25456

Keycloak Potential Variable Reference in Model Storage Services...

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

org.keycloak/keycloak-model-storage-service: Variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

Keycloak <= 26.3.3 Code Injection (GHSA-w2wj-hw98-233h)

The version of Keycloak installed on the remote host is prior or equal to 26.3.3. It is, therefore, affected by code injection vulnerability as reference in GHSA-w2wj-hw98-233h advisory. - A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource...

Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...

GHSA-W2WJ-HW98-233H Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...

CVE-2025-9162

The CVE-2025-9162 issue affects Keycloak’s org.keycloak:keycloak-model-storage-service, where the KeycloakRealmImport custom resource substitutes placeholders in imported realm documents, potentially referencing environment variables. This substitution can enable injection of malicious content du...

CVE-2025-9162 Org.keycloak/keycloak-model-storage-service: variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...