CVE-2025-2559

Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache

Description

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.

Patch Available

Fix available through Seal Security.

No upgrade required, protect your application instantly.
Score: 4.9
Severity: Medium
Ecosystem: Java
Publish Date: March 25, 2025
Modified Date: April 30, 2025
Score Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Versions