CVE-2025-9162

4.9 MEDIUM
Published: August 21, 2025 Modified: April 15, 2026
View on NVD

Description

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:15336
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:15337
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:15338
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:15339
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:16399
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:16400
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2025-9162
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2389396
Source: secalert@redhat.com

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.9 / 10.0
EPSS (Exploit Probability)
0.0%
7th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-526

Related CVEs

CVE-2026-7724 5.0
CVE-2026-7723 7.3
CVE-2026-7722 5.3
CVE-2026-7721 6.3
CVE-2026-7720 6.3