Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
Analysis
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
Technical ContextAI
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.
RemediationAI
Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
Same technique Information Disclosure
View allVendor StatusVendor
Debian
Bug #1088287| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| open | - | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-24573