CVE-2025-14559

CVE-2025-14559 is a medium-severity vulnerability with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-840.

Key facts

Description

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.

Frequently asked questions

What is CVE-2025-14559?
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.
How severe is CVE-2025-14559?
CVE-2025-14559 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires high privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability none.
Is CVE-2025-14559 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (36th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-14559?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2025-14559 have an EU (EUVD) identifier?
Yes. CVE-2025-14559 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-3686.
When was CVE-2025-14559 published?
CVE-2025-14559 was published on 2026-01-21 and last updated on 2026-06-17.

References

Other CWE-840 vulnerabilities

Browse all CWE-840 vulnerabilities →