CVE-2025-11419

EPSS 0.08%
Veröffentlicht 23.12.2025 20:42:38
Zuletzt bearbeitet 20.04.2026 18:16:22
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Keycloak: keycloak tls client-initiated renegotiation denial of service

Keycloak TLS Client-Initiated Renegotiation Denial of Service

A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable.

Mögliche Gegenmaßnahme

Keycloak Server: Install latest version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

CNA 9 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/keycloak/keycloak/

≫

Paket keycloak

Default Statusunaffected

Version 0

Version < 26.0.16

Status affected

Version 26.1.0

Version < 26.1.*

Status unknown

Version 26.2.0

Version < 26.2.10

Status affected

Version 26.3.0

Version < 26.3.*

Status unknown

Version 26.4.0

Version < 26.4.1

Status affected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0

Default Statusaffected

Version 26.0.16-2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0

Default Statusaffected

Version 26.0-20

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0

Default Statusaffected

Version 26.0-21

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.0.16

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2

Default Statusaffected

Version 26.2.10-2

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2

Default Statusaffected

Version 26.2-11

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2

Default Statusaffected

Version 26.2-11

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2.10

Default Statusunaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemKeycloak

≫

Produkt Keycloak Server

Version >= 0.0.0, < 26.0.16

Version >= 26.2.0, < 26.2.10

Version >= 26.4.0, < 26.4.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.228

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://access.redhat.com/errata/RHSA-2025:18254

https://access.redhat.com/errata/RHSA-2025:18255

https://access.redhat.com/errata/RHSA-2025:18889

https://access.redhat.com/errata/RHSA-2025:18890

https://access.redhat.com/security/cve/CVE-2025-11419

https://bugzilla.redhat.com/show_bug.cgi?id=2402142

https://github.com/keycloak/keycloak/discussions/25209

https://github.com/keycloak/keycloak/issues/43020

https://github.com/keycloak/keycloak/security/advisories/GHSA-q8hq-4h99-fj7x

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-11419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11419

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-11419