CVE-2025-11538 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug ) insecurely defaults to binding the Java Debug Wire Protocol (JDWP)…
Medium CVSS: 6.8

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug <port>) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker on the same network segment to attach a remote debugger and achieve remote code execution within the Keycloak Java virtual machine.
Vendor
-
Product
-
CWE
CWE-1327
Yayın Tarihi
2025-11-13 17:15:44
Güncelleme
2025-12-19 21:15:53
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-1327 MEDIUM 2025

Referanslar

https://access.redhat.com/errata/RHSA-2025:21370 https://access.redhat.com/errata/RHSA-2025:21371 https://access.redhat.com/security/cve/CVE-2025-11538 https://bugzilla.redhat.com/show_bug.cgi?id=2402622 https://github.com/keycloak/keycloak/commit/9e98f2bf961f68853cea6fbec58b512ed8be7ca9 https://github.com/keycloak/keycloak/pull/43574