CVE-2025-14083: Keycloak Admin REST API exposes backend schema and rules

January 21, 2026

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

References

access.redhat.com/security/cve/CVE-2025-14083
bugzilla.redhat.com/show_bug.cgi?id=2419086
github.com/advisories/GHSA-594w-2fwp-jwrc
github.com/keycloak/keycloak
github.com/keycloak/keycloak/issues/45493
nvd.nist.gov/vuln/detail/CVE-2025-14083

Code Behaviors & Features

Detect and mitigate CVE-2025-14083 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →