- Description
- A flaw was found in the Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom user attributes via the /unmanagedAttributes endpoint, bypassing the visibility settings configured in the User Profile.
- Source
- secalert@redhat.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 2.7
- Impact score
- 1.4
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
- Weakness
- CWE-266 (secalert@redhat.com)
- Hype score
- Not currently trending
CVE-2025-13881 Keycloak Admin API Privilege Escalation via Sensitive Attribute Retrieval https://t.co/wM4iwiBiFV
@VulmonFeeds
2 Feb 2026
Sharing my latest security finding: CVE-2025-13881 in #Keycloak. The issue was reported through @yeswehack and affects the Keycloak Admin API, where a limited admin could access user attributes that should not be exposed. More details in the Red Hat advisory:
@drak3hft7
30 Jan 2026