Remote Code Execution Risk in Keycloak Server Due to Insecure Debug Mode Configuration
CVE-2025-11538

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-11538?

A flaw in Keycloak's server distribution allows enabling debug mode to insecurely bind the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This misconfiguration exposes the debug port to anyone on the same local network segment, providing potential attackers the ability to attach a remote debugger. Consequently, this could lead to unauthorized remote code execution within the Keycloak Java virtual machine, posing serious security risks for organizations utilizing the affected versions.

References

https://access.redhat.com/security/cve/CVE-2025-11538

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2402622

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Oct 9, 2025

Credit

This issue was discovered by Steven Hawkins (Red Hat).

JSON