CVE-2025-13467 – org.keycloak.storage.ldap: Keycloak: Deserialization of untrusted data in LDAP User Federation
CVE ID : CVE-2025-13467
Published : Nov. 25, 2025, 4:16 p.m.
Description : A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.
Severity: 5.5 | MEDIUM