CVE-2025-9162
Description
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, and those placeholders can reference environment variables. This substitution step allows injection attacks when a crafted realm document is processed: an attacker who can supply such a document can inject malicious content during the realm import procedure, which can lead to unintended consequences within the Keycloak environment.
Risk Information
Base Score: 4.9 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.022
Associated Vulnerability
| Product | Version | Status for CVE-2025-9162 | OS Platform |
|---|---|---|---|
| Keycloak - keycloak-model-storage-services | 26.2.9 | Fixed | Windows |
| Keycloak - keycloak-model-storage-services | 26.3.4 | Fixed | Windows |
| Keycloak - keycloak-model-storage-services | 26.2.8 | Affected | Windows |
| Keycloak - keycloak-model-storage-services for Linux | 26.2.9 | Fixed | Linux |
| Keycloak - keycloak-model-storage-services for Linux | 26.3.4 | Fixed | Linux |
| Keycloak - keycloak-model-storage-services for Linux | 26.2.8 | Affected | Linux |
Patch Details
No records found