CVE-2025-13467

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-13467

Severity

5.5

Medium

CVSS V3

Description

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-13467
https://github.com/advisories/GHSA-93vm-mqpw-8wh3
https://access.redhat.com/security/cve/CVE-2025-13467
https://access.redhat.com/errata/RHSA-2025:22088
https://access.redhat.com/errata/RHSA-2025:22089
https://access.redhat.com/errata/RHSA-2025:22090
https://access.redhat.com/errata/RHSA-2025:22091
https://bugzilla.redhat.com/show_bug.cgi?id=2416038
https://github.com/keycloak/keycloak/issues/44478
https://github.com/keycloak/keycloak/commit/754c070cf8ca187dcc71f0f72ff3130ff2195328

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-13467

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company