CVE-2025-13467

low-risk

Published 2025-11-25

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

NETWORK / LOW complexity

References (8)

https://access.redhat.com/errata/RHSA-2025:22088

https://access.redhat.com/errata/RHSA-2025:22089

https://access.redhat.com/errata/RHSA-2025:22090

https://access.redhat.com/errata/RHSA-2025:22091

https://access.redhat.com/security/cve/CVE-2025-13467

https://bugzilla.redhat.com/show_bug.cgi?id=2416038

https://github.com/keycloak/keycloak/commit/754c070cf8ca187dcc71f0f72ff3130ff219...

https://github.com/keycloak/keycloak/issues/44478

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal