Sensitive Data Exposure in Keycloak Logging Configuration
CVE-2025-11537

5 MEDIUM

Key Information:

Vendor: Red Hat

CVE Published: 10 February 2026

What is CVE-2025-11537?

A vulnerability in Keycloak's logging configuration allows for the disclosure of sensitive data, such as Authorization headers and cookies, when verbose logging is enabled with user-defined patterns. This flaw means that log files might contain sensitive credentials in cleartext, which can be accessed by any attacker with read permissions to those logs. Such access can lead to serious security risks, including user impersonation and account takeover.
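A check a defender can run over existing log files for the exposure described above, as an added example that is not part of the original advisory or Keycloak's own code: it flags lines carrying Authorization or Cookie header values and returns redacted copies. The log lines, logger name and cookie names are constructed samples, not real Keycloak output.

```python
import re

# "Authorization: <scheme> <credential>" as it would appear in a logged header dump.
AUTH_RE = re.compile(
    r"\b(authorization\s*[:=]\s*)(basic|bearer|digest)\s+([^\s,;\]\"']+)", re.I)
# "Cookie:" / "Set-Cookie:" header; the value runs to end of line, bracket or quote.
COOKIE_RE = re.compile(r"(?<![\w-])((?:set-)?cookie\s*[:=]\s*)([^\]\"'\r\n]+)", re.I)
# One name=value pair inside a cookie header.
PAIR_RE = re.compile(r"([^=;\s]+)=([^;\s]*)")


def redact(line):
    """Return (redacted_line, kinds) where kinds lists what was found."""
    kinds = []

    def _auth(m):
        kinds.append("authorization")
        return f"{m.group(1)}{m.group(2)} <redacted>"

    def _cookie(m):
        kinds.append("cookie")
        # Keep cookie names for triage, drop every value.
        return m.group(1) + PAIR_RE.sub(r"\1=<redacted>", m.group(2))

    line = AUTH_RE.sub(_auth, line)
    line = COOKIE_RE.sub(_cookie, line)
    return line, kinds


def scan_log(lines):
    """Return [(line_number, kinds, redacted_line)] for lines that leak credentials."""
    findings = []
    for n, line in enumerate(lines, 1):
        clean, kinds = redact(line.rstrip("\n"))
        if kinds:
            findings.append((n, kinds, clean))
    return findings


# Constructed sample input (format and names are assumptions for illustration).
SAMPLE = [
    "2026-02-10 10:00:01 INFO  [example.access] GET /realms/demo/account 200",
    "2026-02-10 10:00:02 DEBUG [example.access] GET /admin/realms "
    "headers=[Authorization: Bearer eyJhbGciOi.constructed.token, Accept: */*]",
    "2026-02-10 10:00:03 DEBUG [example.access] POST /realms/demo/login "
    "Cookie: SESSION_A=abc123; SESSION_B=def456",
]

if __name__ == "__main__":
    for n, kinds, clean in scan_log(SAMPLE):
        print(n, ",".join(kinds), clean)
```

Any hit means the credentials on that line should be treated as exposed to everyone with read access to the log, so the affected tokens and sessions need to be revoked in addition to cleaning the file.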



CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
