#VU108092 Resource management error in Keycloak - CVE-2025-2559


Published: April 30, 2025


Vulnerability identifier: #VU108092
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-2559
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Keycloak
Software vendor:
Keycloak

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when JWT tokens are used for authentication: the tokens are cached until they expire. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to denial of service.
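The following model, added here as an illustration and not Keycloak's own code, shows the mechanism: a replay cache that remembers each token's "jti" until its "exp" grows without bound when a client sends unique tokens with a 48-hour lifetime, while a hardened variant (the 300-second maximum lifetime and the 10,000-entry cap are assumptions for the example, not Keycloak settings) refuses such tokens before they enter the cache. The token stream and the timestamps are constructed for the simulation.

```python
import heapq
from typing import Dict, List, Tuple

# Constructed example, not Keycloak's own code. It models a server-side
# cache of JWT identifiers kept until the token expires (the behaviour the
# advisory describes) and a hardened variant with a lifetime limit.

MAX_LIFETIME_SECONDS = 300   # assumed hardened limit for a client assertion
MAX_ENTRIES = 10_000         # assumed hard cap on cached identifiers


class JtiReplayCache:
    """Remembers seen 'jti' values until their 'exp' so a token cannot be replayed.

    hardened=False models the vulnerable behaviour: any 'exp' is accepted, so a
    client sending fresh tokens with a 48 h lifetime makes the cache grow without
    bound.  hardened=True rejects tokens whose remaining lifetime exceeds
    MAX_LIFETIME_SECONDS and refuses new entries once MAX_ENTRIES is reached.
    """

    def __init__(self, hardened: bool,
                 max_lifetime: int = MAX_LIFETIME_SECONDS,
                 max_entries: int = MAX_ENTRIES) -> None:
        self.hardened = hardened
        self.max_lifetime = max_lifetime
        self.max_entries = max_entries
        self._seen: Dict[str, int] = {}            # jti -> exp (unix seconds)
        self._expiry_heap: List[Tuple[int, str]] = []  # (exp, jti), for eviction

    def _evict_expired(self, now: int) -> None:
        # Expired tokens leave the cache; with a 48 h 'exp' this never triggers
        # within a realistic attack window, so entries only accumulate.
        while self._expiry_heap and self._expiry_heap[0][0] <= now:
            exp, jti = heapq.heappop(self._expiry_heap)
            if self._seen.get(jti) == exp:
                del self._seen[jti]

    def accept(self, claims: dict, now: int) -> bool:
        """Return True if the token is accepted (fresh jti, not expired, sane lifetime)."""
        self._evict_expired(now)
        jti, exp = claims.get("jti"), claims.get("exp")
        if not isinstance(jti, str) or not isinstance(exp, int):
            return False
        if exp <= now:
            return False                       # already expired
        if self.hardened:
            if exp - now > self.max_lifetime:
                return False                   # excessively long-lived: refuse to cache it
            if len(self._seen) >= self.max_entries:
                return False                   # refuse rather than grow without bound
        if jti in self._seen:
            return False                       # replay of a token seen before
        self._seen[jti] = exp
        heapq.heappush(self._expiry_heap, (exp, jti))
        return True

    def __len__(self) -> int:
        return len(self._seen)


def simulate(hardened: bool, requests: int, lifetime: int,
             rate_per_second: int = 100) -> dict:
    """Send `requests` unique tokens with the given lifetime, `rate_per_second` per
    simulated second, and report how many were accepted and how large the cache grew."""
    cache = JtiReplayCache(hardened=hardened)
    start = now = 1_700_000_000                # constructed epoch timestamp
    accepted = 0
    for i in range(requests):
        if i and i % rate_per_second == 0:
            now += 1
        claims = {"jti": f"tok-{i}", "iat": now, "exp": now + lifetime}
        if cache.accept(claims, now):
            accepted += 1
    return {"accepted": accepted, "cache_size": len(cache),
            "elapsed_seconds": now - start}


if __name__ == "__main__":
    two_days = 48 * 3600
    print("vulnerable, 48 h tokens:", simulate(False, 100_000, two_days))
    print("hardened,   48 h tokens:", simulate(True, 100_000, two_days))
    print("hardened,   60 s tokens:", simulate(True, 100_000, 60))
```

In the vulnerable configuration 100,000 requests over about 17 minutes leave 100,000 entries resident, and the number keeps rising for the full 48 hours; the hardened cache rejects the long-lived tokens outright, and with 60-second tokens it holds only the last minute's worth (about 6,000 entries at 100 requests per second) because expired identifiers are evicted as time passes.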


Remediation

Install updates from the vendor's website.

External links