CVE-2025-14559 - Org.keycloak/keycloak-services: keycloak keycloak-services: business logic flaw ...

CVE ID : CVE-2025-14559 Published : Jan. 21, 2026, 6:13 a.m. | 59 minutes ago Description : A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...