{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:25:57.657","vulnerabilities":[{"cve":{"id":"CVE-2025-9162","sourceIdentifier":"secalert@redhat.com","published":"2025-08-21T16:15:35.067","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process\nallows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment."},{"lang":"es","value":"Se encontró una falla en org.keycloak/keycloak-model-storage-service. El recurso personalizado KeycloakRealmImport sustituye marcadores de posición dentro de los documentos de dominio importados, lo que podría hacer referencia a variables de entorno. Este proceso de sustitución permite ataques de inyección al procesar documentos de dominio manipulados. Un atacante puede aprovechar esto para inyectar contenido malicioso durante el proceso de importación del dominio. Esto puede tener consecuencias imprevistas en el entorno de Keycloak."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-526"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:15336","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15337","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15338","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:15339","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16399","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2025:16400","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-9162","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2389396","source":"secalert@redhat.com"}]}}]}