ByteOS Network

NVD Vulnerability Details :

CVE-2025-14777

Awaiting Analysis

Source-secalert@redhat.com

Published At-16 Dec, 2025 | 05:16

Updated At-16 Dec, 2025 | 14:10

A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer (client) ID provided in the API request, but the backend database lookup and modification operations (findById, delete) only use the resourceId. This mismatch allows an authenticated attacker with fine-grained admin permissions for one client (e.g., Client A) to delete or update resources belonging to another client (Client B) within the same realm by supplying a valid resource ID.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.0	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Type: Primary

Version: 3.1

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Weaknesses

CWE ID	Type	Source
CWE-289	Primary	secalert@redhat.com

CWE ID: CWE-289

Type: Primary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/security/cve/CVE-2025-14777	secalert@redhat.com	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2422596	secalert@redhat.com	N/A

Hyperlink: https://access.redhat.com/security/cve/CVE-2025-14777

Source: secalert@redhat.com

Resource: N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2422596

Source: secalert@redhat.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History