CVE-2025-2559

{"id": "CVE-2025-2559", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2025-03-25T09:15:17.047", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:4335", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2025:4336", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-2559", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353868", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Keycloak. Cuando la configuraci\u00f3n utiliza tokens JWT para la autenticaci\u00f3n, estos se almacenan en cach\u00e9 hasta su vencimiento. Si un cliente utiliza tokens JWT con un tiempo de vencimiento demasiado largo, por ejemplo, 24 o 48 horas, la cach\u00e9 puede crecer indefinidamente, lo que genera un error de memoria (OutOfMemoryError). Este problema podr\u00eda generar una condici\u00f3n de denegaci\u00f3n de servicio, impidiendo que los usuarios leg\u00edtimos accedan al sistema."}], "lastModified": "2025-04-30T03:15:17.857", "sourceIdentifier": "secalert@redhat.com"}