{}

{}

{}

{"bugzilla": {"description": "keycloak: Keycloak TLS Client-Initiated Renegotiation Denial of Service", "id": "2402142", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402142"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, configure Keycloak to reject client-initiated TLS renegotiation by adding the following Java system property to the Keycloak startup configuration:\n-Djdk.tls.rejectClientInitiatedRenegotiation=true\nThis prevents unauthenticated attackers from triggering repeated TLS renegotiations and exhausting server CPU resources.\nAdditionally, ensure that Keycloak is deployed behind proper network access controls and rate-limiting mechanisms to further reduce exposure to DoS attacks."}, "name": "CVE-2025-11419", "package_state": [{"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "keycloak-server", "product_name": "Red Hat Build of Keycloak"}], "public_date": "2025-10-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11419\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11419"], "threat_severity": "Important"}