Description

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.

INFO

Published Date :

2026-01-21T06:13:31.263Z

Last Modified :

2026-02-10T01:04:33.642Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-14559 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-14559.

URL Resource
https://access.redhat.com/errata/RHSA-2026:2365 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:2366 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-14559 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2421711 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-14559 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-14559 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact