Vulnerability_id VCID-9f1k-z7z2-d7cc
Summary
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
A Privilege Escalation vulnerability was identified in the Keycloak identity and access management solution, specifically when FGAPv2 is enabled in version 26.2.x. The flaw lies in the admin permission enforcement logic, where a user with manage-users privileges can self-assign realm-admin rights. The escalation occurs due to missing privilege boundary checks in role mapping operations via the admin REST interface. A malicious administrator with limited permissions can exploit this by editing their own user roles, gaining unauthorized full access to realm configuration and user data.

This issue has been fixed in versions 26.2.6 and 26.3.0.
Aliases
0
alias CVE-2025-7784
1
alias GHSA-27gp-8389-hm4w
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.0
purl pkg:maven/org.keycloak/keycloak-services@26.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-bhrr-nn9f-7udu
6
vulnerability VCID-cdsa-wmby-ebbq
7
vulnerability VCID-d2rd-6u56-yfd8
8
vulnerability VCID-e4ub-v4ef-affb
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-qgbq-s33g-d7af
15
vulnerability VCID-uuf2-u7xh-uuef
16
vulnerability VCID-ver5-9t6m-c3ef
17
vulnerability VCID-w5f1-xryr-fucq
18
vulnerability VCID-x4aw-v76q-vbdc
19
vulnerability VCID-xd7x-aevv-cfcp
20
vulnerability VCID-xfnw-15sz-zyfr
21
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.0
1
url pkg:maven/org.keycloak/keycloak-services@26.2.1
purl pkg:maven/org.keycloak/keycloak-services@26.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-bhrr-nn9f-7udu
6
vulnerability VCID-cdsa-wmby-ebbq
7
vulnerability VCID-d2rd-6u56-yfd8
8
vulnerability VCID-e4ub-v4ef-affb
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-qgbq-s33g-d7af
15
vulnerability VCID-uuf2-u7xh-uuef
16
vulnerability VCID-ver5-9t6m-c3ef
17
vulnerability VCID-w5f1-xryr-fucq
18
vulnerability VCID-x4aw-v76q-vbdc
19
vulnerability VCID-xd7x-aevv-cfcp
20
vulnerability VCID-xfnw-15sz-zyfr
21
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.1
2
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-uuf2-u7xh-uuef
12
vulnerability VCID-ver5-9t6m-c3ef
13
vulnerability VCID-w5f1-xryr-fucq
14
vulnerability VCID-x4aw-v76q-vbdc
15
vulnerability VCID-xd7x-aevv-cfcp
16
vulnerability VCID-xfnw-15sz-zyfr
17
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
3
url pkg:maven/org.keycloak/keycloak-services@26.2.3
purl pkg:maven/org.keycloak/keycloak-services@26.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-ver5-9t6m-c3ef
12
vulnerability VCID-w5f1-xryr-fucq
13
vulnerability VCID-x4aw-v76q-vbdc
14
vulnerability VCID-xd7x-aevv-cfcp
15
vulnerability VCID-xfnw-15sz-zyfr
16
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3
4
url pkg:maven/org.keycloak/keycloak-services@26.2.4
purl pkg:maven/org.keycloak/keycloak-services@26.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-ver5-9t6m-c3ef
12
vulnerability VCID-w5f1-xryr-fucq
13
vulnerability VCID-x4aw-v76q-vbdc
14
vulnerability VCID-xd7x-aevv-cfcp
15
vulnerability VCID-xfnw-15sz-zyfr
16
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.4
5
url pkg:maven/org.keycloak/keycloak-services@26.2.5
purl pkg:maven/org.keycloak/keycloak-services@26.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-ver5-9t6m-c3ef
12
vulnerability VCID-w5f1-xryr-fucq
13
vulnerability VCID-x4aw-v76q-vbdc
14
vulnerability VCID-xd7x-aevv-cfcp
15
vulnerability VCID-xfnw-15sz-zyfr
16
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.5
References
0
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/errata/RHSA-2025:12015
1
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/errata/RHSA-2025:12016
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/security/cve/CVE-2025-7784
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7784
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.0315
published_at 2026-04-02T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05442
published_at 2026-04-04T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05465
published_at 2026-04-12T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05479
published_at 2026-04-11T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05505
published_at 2026-04-09T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05484
published_at 2026-04-08T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05449
published_at 2026-04-07T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.05609
published_at 2026-04-13T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05559
published_at 2026-04-16T12:55:00Z
9
value 0.00021
scoring_system epss
scoring_elements 0.05572
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7784
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
8
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-27gp-8389-hm4w
reference_id GHSA-27gp-8389-hm4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27gp-8389-hm4w
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f1k-z7z2-d7cc