CVE-2025-23368

Summary

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

Affected Software

VendorProductVersion RangeStatus
0 <= *affected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:7.3.18-3.GA_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:8.1.6-5.GA_redhat_00007.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:8.1.6-5.GA_redhat_00007.1.el9eap < *unaffected

Weaknesses

  • CWE-307: Improper Restriction of Excessive Authentication Attempts

Workarounds

The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References