Security Advisory

CVE-2025-13881

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-02 05:43:22

Last updated 2026-02-10 01:11:39

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.

← Browse all CVEs View on cve.org ↗