CVE-2025-11537 | THREATINT

Description

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract these credentials (e.g., bearer tokens, session cookies) and use them to impersonate users, leading to a full account compromise.

PUBLISHED Reserved 2025-10-09 | Published 2026-02-10 | Updated 2026-02-10 | Assigner redhat

MEDIUM: 5.0CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Problem types

Improper Output Neutralization for Logs

Product status

Default status

affected

Timeline

2025-10-09:	Reported to Red Hat.
2025-10-09:	Made public.

References

access.redhat.com/security/cve/CVE-2025-11537 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2402616 (RHBZ#2402616) issue-tracking

cve.org (CVE-2025-11537)

nvd.nist.gov (CVE-2025-11537)

Download JSON