OutOfMemoryError Vulnerability in Keycloak Authentication with JWT Tokens
CVE-2025-2559
4.9 MEDIUM
Summary
A flaw was found in Keycloak. When JWT tokens are used for authentication, Keycloak caches each token it has accepted and keeps the entry until the token expires. If a client issues tokens with an excessively long expiration time (for example, 24 or 48 hours), every token presented in that window stays resident, so the cache can grow without bound and exhaust the JVM heap, ending in an OutOfMemoryError. The result is a denial of service: the server stops serving authentication requests, legitimate users cannot log in, and normal operations are disrupted until the process is restarted.
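The following is an added illustration, not Keycloak code, of the failure mode described above and of the two checks a practitioner would want: a cache that keeps tokens until their exp claim passes (so its size scales with tokens accepted per second times token lifetime), a hardened variant that refuses over-long tokens and caps resident entries, and a helper that flags tokens whose exp-iat window exceeds a policy limit. The cache shape, the 5-minute and 10-minute limits, and the sample tokens are all assumptions made for the demo.

```python
import base64
import json
from collections import OrderedDict

# Added example, not Keycloak code. The cache models the behaviour the advisory
# describes: accepted tokens stay resident until their exp claim passes, so
# memory use is (tokens accepted per second) x (token lifetime in seconds).


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token: str) -> dict:
    """Decode the claims of a compact JWT without verifying the signature.
    Only for inspecting iat/exp in a policy check; unverified claims must never
    drive an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def make_sample_jwt(claims: dict) -> str:
    """Constructed, unsigned sample token (empty signature segment) for the demo."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def lifetime_seconds(token: str) -> int:
    claims = decode_jwt_claims(token)
    return int(claims["exp"]) - int(claims["iat"])


def exceeds_max_lifetime(token: str, max_seconds: int = 300) -> bool:
    """Flag tokens whose exp-iat window is longer than policy allows
    (hypothetical 5-minute default)."""
    return lifetime_seconds(token) > max_seconds


class UnboundedTokenCache:
    """Remembers every accepted token until its exp passes (replay protection).
    Nothing limits its size, so 48 h tokens stay resident for 48 h."""

    def __init__(self):
        self._entries = OrderedDict()  # token -> exp (insertion order kept)

    def _purge_expired(self, now: int) -> None:
        for tok in [t for t, exp in self._entries.items() if exp <= now]:
            del self._entries[tok]

    def remember(self, token: str, now: int) -> str:
        self._purge_expired(now)
        if token in self._entries:
            return "replay"
        self._entries[token] = int(decode_jwt_claims(token)["exp"])
        return "accepted"

    def __len__(self) -> int:
        return len(self._entries)


class BoundedTokenCache(UnboundedTokenCache):
    """Hardened variant: refuses tokens whose lifetime exceeds max_lifetime and
    caps resident entries, evicting the oldest insertion when full."""

    def __init__(self, max_entries: int, max_lifetime: int):
        super().__init__()
        self.max_entries = max_entries
        self.max_lifetime = max_lifetime

    def remember(self, token: str, now: int) -> str:
        if lifetime_seconds(token) > self.max_lifetime:
            return "rejected_lifetime"
        status = super().remember(token, now)
        while len(self._entries) > self.max_entries:
            self._entries.popitem(last=False)  # FIFO eviction
        return status


def simulate(cache, n_tokens: int, lifetime: int, now: int = 1_700_000_000) -> dict:
    """Feed n distinct tokens of the given lifetime; report outcomes and cache size."""
    counts = {}
    for i in range(n_tokens):
        tok = make_sample_jwt({"jti": f"demo-{i}", "iat": now, "exp": now + lifetime})
        status = cache.remember(tok, now)
        counts[status] = counts.get(status, 0) + 1
    counts["resident"] = len(cache)
    return counts


if __name__ == "__main__":
    print("unbounded, 48 h tokens:", simulate(UnboundedTokenCache(), 1000, 48 * 3600))
    print("bounded, 48 h tokens:  ", simulate(BoundedTokenCache(100, 600), 1000, 48 * 3600))
    print("bounded, 5 min tokens: ", simulate(BoundedTokenCache(100, 600), 1000, 300))
```

Rejecting over-long tokens is the safe half of the hardened variant; the entry cap is only a last line of defence, because evicting an unexpired token from a replay cache lets that token be presented again. The practical mitigation the advisory implies is therefore on the client side: issue short-lived JWTs so that the purge keeps up with the arrival rate.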
References
CVSS V3.1
Score: 4.9
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved