Keycloak UMA Policy Bypass via Owner Check Leak
CVE-2025-14778 Published on February 9, 2026

Keycloak: incorrect ownership checks in /uma-policy/
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-14778 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Timeline

Reported to Red Hat.

Made public. 55 days later.

Weakness Type

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.


Products Associated with CVE-2025-14778

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-14778 are published in these products:

Red Hat Build Keycloak
 
Red Hat Keycloak
 

Affected Versions

Red Hat build of Keycloak 26.2: Red Hat build of Keycloak 26.2: Red Hat build of Keycloak 26.2: Red Hat build of Keycloak 26.2.13: Red Hat build of Keycloak 26.4: Red Hat build of Keycloak 26.4: Red Hat build of Keycloak 26.4: Red Hat build of Keycloak 26.4.9:

Exploit Probability

EPSS
0.01%
Percentile
0.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.