Red Hat Keycloak CVE-2025-11538 Debug Mode RCE Vulnerability Advisory

Critical Vulnerability Information CVE ID: CVE-2025-11538 Disclosure Date: November 13, 2025 Severity: Medium CVSS v3 Base Score: 6.8 Description A vulnerability exists in the Keycloak server distribution where, when debug mode ( ) is enabled, it binds insecurely by default to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing attackers on the same network segment to attach a remote debugger and achieve remote code execution within the Keycloak Java Virtual Machine. Statement Red Hat assesses this as a medium-impact vulnerability, as it requires running debug mode within an untrusted network. Additionally, for Red Hat Single Sign-On, binding to the 0.0.0.0 address is necessary, which is not recommended in production environments. Mitigation Mitigation options for this issue are either unavailable or currently available options do not meet Red Hat’s product security standards, including usability, deployment, applicability to a broad installation base, or stability. Affected Packages and Red Hat Security Advisories Red Hat Built Keycloak 26.4 - Components: rhbk/keycloak-operator-bundle, rhbk/keycloak-rhel9, rhbk/keycloak-rhel9-operator - Status: Fixed - Errata: RHSA-2025:21371 - Release Date: November 14, 2025 Red Hat Built Keycloak 26.4.4 - Components: rhbk/keycloak-rhel9 - Status: Fixed - Errata: RHSA-2025:21370 - Release Date: November 14, 2025 CVSS v3 Score Details Base Score: 6.8 Attack Vector: Adjacent Network Attack Complexity: High Required Privileges: None User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: None Weakness (CWE) CWE-1327: Binding to Unrestricted IP Address Acknowledgments This issue was discovered by Steven Hawkins (Red Hat).

Goal Reached Thanks to every supporter — we hit 100%!

Red Hat Keycloak CVE-2025-11538 Debug Mode RCE Vulnerability Advisory

More from this source