CVE-2025-23368
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 <= * | affected | ||
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:7.3.18-3.GA_redhat_00001.1.el7eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:8.1.6-5.GA_redhat_00007.1.el8eap < * | unaffected |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:8.1.6-5.GA_redhat_00007.1.el9eap < * | unaffected |
Weaknesses
- CWE-307: Improper Restriction of Excessive Authentication Attempts
Workarounds
The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://access.redhat.com/errata/RHSA-2026:18054
- https://access.redhat.com/errata/RHSA-2026:18055
- https://access.redhat.com/errata/RHSA-2026:18059
- https://access.redhat.com/errata/RHSA-2026:33371
- https://access.redhat.com/security/cve/CVE-2025-23368
- https://bugzilla.redhat.com/show_bug.cgi?id=2337621
- https://www.gruppotim.it/it/footer/red-team.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.