VDB
CVE-2025-14559
CVE-2025-14559
PUBLISHED
CVSS 6.5 MEDIUM
Keycloak services allows the issuance of access and refresh tokens for disabled users
EPSS 0.02% · 4.1th percentile
Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.02%
4.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.4.9 | |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-10, 26.4-10 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.9-1, 26.4.9-1 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-11, 26.4-11 |
| Maven | org.keycloak:keycloak-services | 0, 26.5.0, 0 |
Timeline
- Jan 21, 2026 CVE Published
- Jan 21, 2026 EPSS Score
- Jan 21, 2026 PoC Published
- Jan 24, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 3, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 13, 2026 CVE Updated
References
- RHSA-2026:2365 vendor-advisory
- RHSA-2026:2366 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-14559 vdb
- RHBZ#2421711 issue
- https://nvd.nist.gov/vuln/detail/CVE-2025-14559 advisory
- https://github.com/keycloak/keycloak/issues/45651 url
- https://github.com/keycloak/keycloak/commit/2d0aa31c4830ebaad094c3762e78b884c141e659 url
- https://github.com/keycloak/keycloak/commit/d67349f3aa9fed5c61750619d0f9de6356aeaeff url
- https://github.com/keycloak/keycloak package
- https://github.com/keycloak/keycloak/releases/tag/26.5.2 url