Home > Vulnerability Database > CVE-2025-11419

Mend.io Vulnerability Database

CVE-2025-11419

Good to know:

Date: October 28, 2025

Keycloak is vulnerable to a Denial of Service (DoS) attack due to the default JDK setting that permits Client-Initiated Renegotiation in TLS 1.2. An unauthenticated remote attacker can repeatedly initiate TLS renegotiation requests to exhaust server CPU resources, making the service unavailable. Immediate mitigation is available by setting the "-Djdk.tls.rejectClientInitiatedRenegotiation=true" Java system property in the Keycloak startup configuration.

Severity Score

7.5

Related Resources (4)

Url: https://github.com/keycloak/keycloak/security/advisories/GHSA-q8hq-4h99-fj7x

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11419

Url: https://github.com/keycloak/keycloak

Url: https://www.mend.io/vulnerability-database/CVE-2025-11419

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version org.keycloak:keycloak-quarkus-dist:26.0.16;org.keycloak:keycloak-quarkus-dist:26.2.10;org.keycloak:keycloak-quarkus-dist:26.4.1;https://github.com/keycloak/keycloak.git - 26.0.16;https://github.com/keycloak/keycloak.git - 26.2.10;https://github.com/keycloak/keycloak.git - 26.4.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11419

Good to know:

Date: October 28, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?