OutOfMemoryError Vulnerability in Keycloak Authentication with JWT Tokens
CVE-2025-2559

4.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak; Red Hat Single Sign-on 7
Vendor: CVE Published:; 25 March 2025

Summary

A flaw in Keycloak arises when JWT tokens are configured for authentication. The caching mechanism retains these tokens until they expire, potentially leading to situations where excessively long expiration times (e.g., 24 or 48 hours) allow the token cache to grow uncontrollably. This excessive growth can consume available memory resources, resulting in an OutOfMemoryError. As a consequence, legitimate users may experience denial of service, preventing them from accessing the system and disrupting normal operations.

References

https://access.redhat.com/security/cve/CVE-2025-2559

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2353868

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Mar 20, 2025