7.5
CVE-2025-11419
- EPSS 0.66%
- Veröffentlicht 23.12.2025 20:42:38
- Zuletzt bearbeitet 20.04.2026 18:16:22
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Keycloak: keycloak tls client-initiated renegotiation denial of service
Keycloak TLS Client-Initiated Renegotiation Denial of Service
A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable.
Mögliche Gegenmaßnahme
Keycloak Server: Install latest version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/keycloak/keycloak/
≫
Paket
keycloak
Default Statusunaffected
Version
0
Version <
26.0.16
Status
affected
Version
26.1.0
Version <
26.1.*
Status
unknown
Version
26.2.0
Version <
26.2.10
Status
affected
Version
26.3.0
Version <
26.3.*
Status
unknown
Version
26.4.0
Version <
26.4.1
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0
Default Statusaffected
Version
26.0.16-2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0
Default Statusaffected
Version
26.0-20
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0
Default Statusaffected
Version
26.0-21
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0.16
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.2
Default Statusaffected
Version
26.2.10-2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.2
Default Statusaffected
Version
26.2-11
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.2
Default Statusaffected
Version
26.2-11
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.2.10
Default Statusunaffected
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemKeycloak
≫
Produkt
Keycloak Server
Version
>= 0.0.0, < 26.0.16
Version
>= 26.2.0, < 26.2.10
Version
>= 26.4.0, < 26.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.66% | 0.465 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/errata/RHSA-2025:18254
https://access.redhat.com/errata/RHSA-2025:18255
https://access.redhat.com/errata/RHSA-2025:18889
https://access.redhat.com/errata/RHSA-2025:18890
https://access.redhat.com/security/cve/CVE-2025-11419
https://bugzilla.redhat.com/show_bug.cgi?id=2402142
https://github.com/keycloak/keycloak/discussions/25209
https://github.com/keycloak/keycloak/issues/43020
https://github.com/keycloak/keycloak/security/advisories/GHSA-q8hq-4h99-fj7x