Nixpkgs security tracker

Untriaged

Permalink CVE-2025-5416

2.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 9 months, 3 weeks ago

Keycloak-core: keycloak environment information

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

References

https://access.redhat.com/security/cve/CVE-2025-5416 vdb-entryx_refsource_REDHAT
RHBZ#2369601 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-5416 vdb-entryx_refsource_REDHAT
RHBZ#2369601 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-5416 vdb-entryx_refsource_REDHAT
RHBZ#2369601 x_refsource_REDHATissue-tracking

Affected products

keycloak

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.1.4
- nixpkgs-unstable 26.1.4
- nixos-unstable-small 26.1.4

pkgs.terraform-providers.keycloak

None

nixos-unstable 5.2.0
- nixpkgs-unstable 5.2.0
- nixos-unstable-small 5.2.0

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>
@ngerstle Nicholas Gerstle <ngerstle@gmail.com>

Untriaged

Permalink CVE-2025-2559

4.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 10 months, 3 weeks ago

Org.keycloak/keycloak-services: jwt token cache exhaustion leading to denial of service (dos) in keycloak

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.

References

https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking
RHSA-2025:4335 vendor-advisoryx_refsource_REDHAT
RHSA-2025:4336 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2025-2559 vdb-entryx_refsource_REDHAT
RHBZ#2353868 x_refsource_REDHATissue-tracking

Affected products

keycloak

<26.0.11
<26.1.5

keycloak-services

rhbk/keycloak-rhel9

keycloak-rhel9-container

rhbk/keycloak-rhel9-operator

rhbk/keycloak-operator-bundle

keycloak-rhel9-operator-container

keycloak-rhel9-operator-bundle-container

Matching in nixpkgs

pkgs.keycloak

Identity and access management for modern applications and services

nixos-unstable 26.0.6
- nixpkgs-unstable 26.0.6
- nixos-unstable-small 26.0.7

pkgs.terraform-providers.keycloak

None

nixos-unstable 4.4.0
- nixpkgs-unstable 4.4.0
- nixos-unstable-small 4.4.0

pkgs.python311Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.python312Packages.python-keycloak

Provides access to the Keycloak API

nixos-unstable 4.0.0
- nixpkgs-unstable 4.0.0
- nixos-unstable-small 4.0.0

pkgs.python313Packages.python-keycloak

Provides access to the Keycloak API

Package maintainers

@ngerstle Nicholas Gerstle <ngerstle@gmail.com>
@talyz Kim Lindberger <kim.lindberger@gmail.com>
@NickCao Nick Cao <nickcao@nichi.co>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.keycloak

pkgs.terraform-providers.keycloak

pkgs.python311Packages.python-keycloak

pkgs.python312Packages.python-keycloak

pkgs.python313Packages.python-keycloak

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.keycloak

pkgs.terraform-providers.keycloak

pkgs.python311Packages.python-keycloak

pkgs.python312Packages.python-keycloak

pkgs.python313Packages.python-keycloak

Package maintainers