VDB

CVE-2025-23367 (PUBLISHED)

A flaw was found in the WildFly Server Role Based Access Control (RBAC) provider. When authorization of management operations is enforced using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with the Monitor or Auditor role is supposed to have read-only permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume operation handlers not performing an authorization check to validate that the current user holds the permissions required to proceed with the action.

EPSS 0.20% · 41.9th percentile

Affected Products

Vendor    Product   Versions
Bitnami   wildfly   0, 28.0.0
Bitnami   wildfly   28.0.0, 0

Timeline

  • Jan 14, 2025 CVE ID Reserved
  • Jan 30, 2025 CVE Published
  • Jan 31, 2025 EPSS Score
  • Feb 1, 2025 Coalition ESS Score
  • Feb 15, 2025 EPSS Score
  • Mar 2, 2025 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Apr 1, 2025 EPSS Score
  • Apr 1, 2025 Coalition ESS Score
  • Apr 13, 2025 Coalition ESS Score
  • Apr 16, 2025 EPSS Score
  • Apr 19, 2025 Coalition ESS Score