Home > Vulnerability Database > CVE-2025-11537

Mend.io Vulnerability Database

CVE-2025-11537

Good to know:

Date: February 10, 2026

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract these credentials (e.g., bearer tokens, session cookies) and use them to impersonate users, leading to a full account compromise.

Severity Score

5.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11537

Url: https://access.redhat.com/security/cve/CVE-2025-11537

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2402616

Url: https://www.mend.io/vulnerability-database/CVE-2025-11537

Severity Score

5.0

Weakness Type (CWE)

Improper Output Neutralization for Logs

CWE-117

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11537

Good to know:

Date: February 10, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?