Issued:: 2025-10-16
Updated:: 2025-10-16

RHSA-2025:18255 - Security Advisory

Overview
Updated Images

Synopsis

Important: Red Hat build of Keycloak 26.0.16 Update

Type/Severity

Security Advisory: Important

Topic

New Red Hat build of Keycloak 26.0.16 packages are available from the Customer Portal

Description

Red Hat build of Keycloak 26.0.16 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

Keycloak TLS Client-Initiated Renegotiation Denial of Service (CVE-2025-11419)

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Affected Products

Red Hat build of Keycloak Text-only Advisories x86_64

Fixes

(none)

CVEs

CVE-2025-11419

References

https://access.redhat.com/security/updates/classification/#important

ppc64le

rhbk/keycloak-rhel9@sha256:cfc457ab3d6cadd50622b18a1bf3967754545ba3cc435cd29ad4e80d592050e5

rhbk/keycloak-rhel9-operator@sha256:3df0789cf7012777396528a72fd7c8af718bdf61e79ca3a5097ee77e37ade59d

s390x

rhbk/keycloak-rhel9@sha256:42c1e459585e03df56aca5bbf83081d95f21b121f623fec4d36e9a42f697f945

rhbk/keycloak-rhel9-operator@sha256:aef5994b152d534e81c9832b67cf6ff68e760d55915f830be02ac2bcaceae553

x86_64

rhbk/keycloak-operator-bundle@sha256:43a298583415c35ecbb5325283a9892566bd08fb0eb2ebd37e90610d88269649

rhbk/keycloak-rhel9@sha256:bbda28678bec5d9778a3f0da5bb2cb9becc971f6080eb03758316721720b83e8

rhbk/keycloak-rhel9-operator@sha256:14b0fbc122f85168376a1769d591641fc2c8e93c0d0b771065cd3779b5ebc546

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation