CNNVD-202512-4106 Information

CNNVD ID

CNNVD-202512-4106

Related CVE

CVE-2025-11419

• CNNVD Published: 2025-12-23

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞，该漏洞源于未限制TLS 1.2客户端重协商请求，可能导致拒绝服务。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a security loophole in Keycloak, which stems from the fact that there is no restriction on TLS 1.2 requests for critical consultation, which may lead to the denial of services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Keycloak

Published

2025-12-23

Last Modified

2026-02-24

References

https://bugzilla.redhat.com/show_bug.cgi?id=2402142 https://access.redhat.com/security/cve/CVE-2025-11419 https://access.redhat.com/errata/RHSA-2025:18890 https://access.redhat.com/errata/RHSA-2025:18255 https://access.redhat.com/errata/RHSA-2025:18254 https://access.redhat.com/errata/RHSA-2025:18889 https://vigilance.fr/vulnerability/Keycloak-denial-of-service-via-TLS-Client-Initiated-Renegotiation-48595