CVE-2025-11419

A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:18254
https://access.redhat.com/errata/RHSA-2025:18255
https://access.redhat.com/errata/RHSA-2025:18889
https://access.redhat.com/errata/RHSA-2025:18890
https://access.redhat.com/security/cve/CVE-2025-11419
https://bugzilla.redhat.com/show_bug.cgi?id=2402142
https://github.com/keycloak/keycloak/discussions/25209
https://github.com/keycloak/keycloak/issues/43020

Configurations

No configuration.

History

20 Apr 2026, 18:16

Type	Values Removed	Values Added
References		() https://github.com/keycloak/keycloak/discussions/25209 - () https://github.com/keycloak/keycloak/issues/43020 -

23 Dec 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-23 21:15

Updated : 2026-04-20 18:16

NVD link : CVE-2025-11419

Mitre link : CVE-2025-11419

CVE.ORG link : CVE-2025-11419

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10