Vulnerability Database

318,003

Total vulnerabilities in the database

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to attach a remote debugger and achieve remote code execution within the Keycloak Java virtual machine.

Published: Nov 13, 2025
Updated: Nov 14, 2025
CVE: CVE-2025-11538
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-1327

Affected Software
References

No affected software listed.

https://access.redhat.com/errata/RHSA-2025:21370
https://access.redhat.com/errata/RHSA-2025:21371
https://access.redhat.com/security/cve/CVE-2025-11538
https://bugzilla.redhat.com/show_bug.cgi?id=2402622
https://github.com/keycloak/keycloak/commit/9e98f2bf961f68853cea6fbec58b512ed8be7ca9
https://github.com/keycloak/keycloak/pull/43574

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo