VDB
CVE-2025-23368
CVE-2025-23368
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
EPSS 0.37% · 59.4th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.37%
59.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Process Automation 7 | |
| Red Hat | Red Hat Data Grid 8 | |
| Red Hat | Red Hat Single Sign-On 7 | |
| Red Hat | Red Hat Integration Camel K 1 | |
| Maven | org.wildfly.core:wildfly-elytron-integration | 32.0.0.Beta1, 0 |
| Red Hat | Red Hat Fuse 7 | |
| redhat | wildfly_core | 0 |
| Red Hat | Red Hat Build of Keycloak | |
| 0 | ||
| redhat | jboss_enterprise_application_platform | 8.0.0, 7.0.0 |
| redhat | data_grid | 8.0 |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| Red Hat | Red Hat Process Automation 7 | |
| Red Hat | Red Hat Fuse 7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | |
| Red Hat | Red Hat JBoss Data Grid 7 | |
| Red Hat | Red Hat Single Sign-On 7 |
Timeline
- Jan 14, 2025 CVE ID Reserved
- Mar 4, 2025 CVE Published
- Mar 5, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 23, 2025 Coalition ESS Score
- Apr 2, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 29, 2025 EPSS Score
- May 13, 2025 EPSS Score
- May 27, 2025 EPSS Score
- Jun 10, 2025 EPSS Score
- Jun 18, 2025 Coalition ESS Score
References
- https://access.redhat.com/security/cve/CVE-2025-23368 vdb
- RHBZ#2337621 issue
- https://www.gruppotim.it/it/footer/red-team.html url
- https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qhp6-6p8p-2rqh url
- https://nvd.nist.gov/vuln/detail/CVE-2025-23368 advisory
- https://github.com/wildfly/wildfly-core/pull/6634 url
- https://github.com/wildfly/wildfly-core/pull/6635 url
- https://github.com/wildfly/wildfly-core/commit/11e873031c522a0b36afb59880ce4dd59efd0bc0 url
- https://github.com/wildfly/wildfly-core/commit/a6f9d7534aa44de741337756f8377ad3a81f7695 url
- https://github.com/wildfly/wildfly-core package