4.9
CVE-2025-2559
- EPSS 0.65%
- Veröffentlicht 25.03.2025 08:20:57
- Zuletzt bearbeitet 06.05.2026 17:16:19
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in keycloak
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/keycloak/keycloak/
≫
Paket
keycloak
Default Statusunaffected
Version
23.0.0
Version <
26.0.11
Status
affected
Version
26.1.0
Version <
26.1.5
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Build of Keycloak
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0
Default Statusaffected
Version
26.0.11-2
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0
Default Statusaffected
Version
26.0-12
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.0
Default Statusaffected
Version
26.0-13
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat Single Sign-On 7
Default Statusaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.467 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://access.redhat.com/security/cve/CVE-2025-2559
https://bugzilla.redhat.com/show_bug.cgi?id=2353868
https://access.redhat.com/errata/RHSA-2025:4335
https://access.redhat.com/errata/RHSA-2025:4336
https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca
https://github.com/keycloak/keycloak/issues/38576