Medium severity (CVSS 4.9, NVD) · Advisory · Published Mar 25, 2025 · Updated May 6, 2026
CVE-2025-2559
Description
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.
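The failure mode described above, as an added illustration that is not Keycloak's own code: a validation cache that holds each token until the token's own expiry has no bound other than the issuer's chosen lifetime, so a stream of distinct long-lived tokens grows it without limit. The contrasting cache caps both the number of entries (LRU eviction) and the time any entry may stay cached, independent of the token's `exp`. The `ParsedToken` class, the cache classes, the `fill` helper and the token ids are all constructed for this example.

```python
"""Constructed illustration of unbounded vs. bounded token caching (not Keycloak code)."""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass
class ParsedToken:
    """Minimal stand-in for a validated JWT: a token id and an expiry in epoch seconds."""
    jti: str
    exp: float


class UnboundedTokenCache:
    """Keeps every validated token until that token's own `exp`.

    Nothing else bounds the size: with 48-hour tokens, every distinct token
    seen in the last 48 hours is still resident.
    """

    def __init__(self):
        self._entries = {}  # jti -> token expiry

    def put(self, token, now):
        self._purge_expired(now)
        self._entries[token.jti] = token.exp

    def _purge_expired(self, now):
        # Only tokens that have actually expired are dropped.
        self._entries = {k: v for k, v in self._entries.items() if v > now}

    def size(self):
        return len(self._entries)


class BoundedTokenCache:
    """Caps entry count (LRU eviction) and the time any entry may stay cached.

    The cached lifetime is min(token expiry, now + max_cache_ttl), so a token
    with an excessive `exp` cannot pin memory for its whole validity period.
    """

    def __init__(self, max_entries, max_cache_ttl):
        self.max_entries = max_entries
        self.max_cache_ttl = max_cache_ttl
        self._entries = OrderedDict()  # jti -> cache expiry, oldest first
        self.evicted = 0  # entries dropped by the size cap (useful as a metric)

    def put(self, token, now):
        self._purge_expired(now)
        cache_exp = min(token.exp, now + self.max_cache_ttl)
        if cache_exp <= now:
            return  # already expired; nothing to cache
        self._entries[token.jti] = cache_exp
        self._entries.move_to_end(token.jti)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # evict least recently used
            self.evicted += 1

    def get(self, jti, now):
        """Return True if `jti` is cached and its cache entry has not expired."""
        cache_exp = self._entries.get(jti)
        if cache_exp is None or cache_exp <= now:
            self._entries.pop(jti, None)
            return False
        self._entries.move_to_end(jti)  # refresh LRU position
        return True

    def _purge_expired(self, now):
        for jti in [k for k, v in self._entries.items() if v <= now]:
            del self._entries[jti]

    def size(self):
        return len(self._entries)


def fill(cache, n_tokens, token_ttl, now):
    """Insert n distinct tokens, each valid for token_ttl seconds, and return the cache size."""
    for i in range(n_tokens):
        cache.put(ParsedToken(jti=f"tok-{i}", exp=now + token_ttl), now)
    return cache.size()


if __name__ == "__main__":
    NOW = 1_700_000_000.0
    print("unbounded:", fill(UnboundedTokenCache(), 2000, 48 * 3600, NOW))
    bounded = BoundedTokenCache(max_entries=500, max_cache_ttl=15 * 60)
    print("bounded:", fill(bounded, 2000, 48 * 3600, NOW), "evicted:", bounded.evicted)
```

The two knobs matter for different reasons: the entry cap turns the worst case from "out of memory" into "more validations", and the lifetime cap means a misconfigured client issuing 24- or 48-hour tokens no longer dictates how long the server holds state for each one.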
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | <= 26.1.4 | — |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-2935-2wfm-hhpv (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-2559 (GHSA, advisory)
- access.redhat.com/errata/RHSA-2025:4335 (NVD, web)
- access.redhat.com/errata/RHSA-2025:4336 (NVD, web)
- access.redhat.com/security/cve/CVE-2025-2559 (NVD, web)
- bugzilla.redhat.com/show_bug.cgi (NVD, web)
- github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca (NVD)
- github.com/keycloak/keycloak/issues/38576 (NVD)