High severity · 7.5 · GHSA Advisory · Published Dec 23, 2025 · Updated Apr 20, 2026
CVE-2025-11419
Description
A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly sending TLS 1.2 client-initiated renegotiation requests, exhausting server CPU resources and making the service unavailable.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-quarkus-dist (Maven) | < 26.0.16 | 26.0.16 |
| org.keycloak:keycloak-quarkus-dist (Maven) | >= 26.1.0, < 26.2.10 | 26.2.10 |
| org.keycloak:keycloak-quarkus-dist (Maven) | >= 26.3.0, < 26.4.1 | 26.4.1 |
Affected products (1)
Patches (0)
No patches discovered yet.
References
- github.com/advisories/GHSA-q8hq-4h99-fj7x (ghsa, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-11419 (ghsa, advisory)
- access.redhat.com/errata/RHSA-2025:18254 (nvd, web)
- access.redhat.com/errata/RHSA-2025:18255 (nvd, web)
- access.redhat.com/errata/RHSA-2025:18889 (nvd, web)
- access.redhat.com/errata/RHSA-2025:18890 (nvd, web)
- access.redhat.com/security/cve/CVE-2025-11419 (nvd, web)
- bugzilla.redhat.com/show_bug.cgi (nvd, web)
- github.com/keycloak/keycloak/issues/43020 (nvd, web)
- github.com/keycloak/keycloak/security/advisories/GHSA-q8hq-4h99-fj7x (ghsa, web)