CVE-2025-11537

ADVISORY - github

Summary

A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract these credentials (e.g., bearer tokens, session cookies) and use them to impersonate users, leading to a full account compromise.

EPSS Score⁠: 0.00006 (0.003)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-117⁠

Improper Output Neutralization for Logs

ADVISORY - github

CWE-117⁠

Improper Output Neutralization for Logs

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.