← back
CVE-2025-14010

Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leaks credentials in verbose output

CVSS 5.5 MEDIUMEPSS 0.1%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →