CVE-2025-5416

Low CVSS 2.7

Overview

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

CWE: CWE-497 Published: 2025-06-20T16:15:29.553

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 2.7 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags