Red Hat Product Errata RHSA-2025:4336 - Security Advisory
Issued:
2025-04-29
Updated:
2025-04-29

RHSA-2025:4336 - Security Advisory

Synopsis

Important: Red Hat build of Keycloak 26.0.11 Update

Type/Severity

Security Advisory: Important

Topic

New Red Hat build of Keycloak 26.0.11 packages are available from the Customer Portal

Description

Red Hat build of Keycloak 26.0.11 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

  • JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak
  • Keycloak hostname verification
  • Two factor authentication bypass

Solution

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Affected Products

  • Red Hat build of Keycloak Text-only Advisories x86_64

Fixes

  • BZ - 2353868 - CVE-2025-2559 org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak
  • BZ - 2358834 - CVE-2025-3501 org.keycloak.protocol.services: Keycloak hostname verification
  • BZ - 2361923 - CVE-2025-3910 org.keycloak.authentication: Two factor authentication bypass

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.