CVE-2025-13467

Source
https://cve.org/CVERecord?id=CVE-2025-13467
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13467.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-13467
Aliases
Downstream
Related
Published
2025-11-25T16:16:06.623Z
Modified
2026-02-04T03:17:27.577651Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
[none]
Details

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

References

Affected packages

Git / github.com/keycloak/keycloak

Affected ranges

Type
GIT
Repo
https://github.com/keycloak/keycloak
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.0-alpha-1
1.0-alpha-1-12062013
1.0-alpha-2
1.0-alpha-3
1.0-beta-1
1.0-beta-2
1.0-beta-4
1.0-final
1.0-rc-1
1.0.0.Final
1.1.0.Beta2
1.3.0.Final
2.*
2.4.0.Test

Database specific

vanir_signatures
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13467.json"