Issued:: 2025-07-29
Updated:: 2025-07-29

RHSA-2025:12015 - Security Advisory

Overview

Synopsis

Moderate: Red Hat build of Keycloak 26.2.6 Security Update

Type/Severity

Security Advisory: Moderate

Topic

New Red Hat build of Keycloak 26.2.6 packages are available from the Customer Portal

Description

Red Hat build of Keycloak 26.2.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:

Phishing attack via email verification step in first login flow (CVE-2025-7365)
Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled) (CVE-2025-7784)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Affected Products

Red Hat build of Keycloak Text-only Advisories x86_64

Fixes

BZ - 2378852 - CVE-2025-7365 keycloak: Phishing attack via email verification step in first login flow
BZ - 2381861 - CVE-2025-7784 org.keycloak/keycloak-services: Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled)

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

RHSA-2025:12015 - Security Advisory

Synopsis

Type/Severity

Topic

Description

Solution

Affected Products

Fixes

CVEs

References

Quick Links

Help

Site Info

Related Sites

Red Hat legal and privacy links

Red Hat legal and privacy links