CVE-2025-23367

EPSS 0.09%
Veröffentlicht 30.01.2025 15:15:18
Zuletzt bearbeitet 22.07.2025 09:15:23
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. 
The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/wildfly/wildfly-core

≫

Paket wildfly-core

Default Statusunaffected

Version < 27.0.1.Final

Version 0

Status affected

Version < 28.0.0.Beta2

Version 28.0.0.Beta1

Status affected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.1.119-1.Final_redhat_00004.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.1.119-1.Final_redhat_00004.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Default Statusaffected

Version < *

Version 0:7.4.21-3.GA_29548_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.1.119-1.Final_redhat_00004.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:4.1.119-1.Final_redhat_00004.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Default Statusaffected

Version < *

Version 0:7.4.21-3.GA_29548_redhat_00001.1.el9eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version < *

Version 0:4.1.119-1.Final_redhat_00004.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version < *

Version 0:4.1.119-1.Final_redhat_00004.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Default Statusaffected

Version < *

Version 0:7.4.21-3.GA_29548_redhat_00001.1.el7eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.16.1-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.80.0-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:800.7.0-2.GA_redhat_00002.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:6.2.35-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.0.13-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.0.1-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:4.0.11-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:1.0.4-3.redhat_00004.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:3.1.10-1.redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:5.1.5-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:8.0.7-3.GA_redhat_00004.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Default Statusaffected

Version < *

Version 0:2.2.9-1.Final_redhat_00001.1.el8eap

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Data Grid 8

Default Statusaffected

HerstellerRed Hat

≫

Produkt Red Hat Fuse 7

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat JBoss Data Grid 7

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat JBoss Enterprise Application Platform Expansion Pack

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat Process Automation 7

Default Statusunknown

HerstellerRed Hat

≫

Produkt Red Hat Single Sign-On 7

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.273

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://access.redhat.com/security/cve/CVE-2025-23367

https://bugzilla.redhat.com/show_bug.cgi?id=2337620

https://github.com/advisories/GHSA-qr6x-62gq-4ccp

https://access.redhat.com/errata/RHSA-2025:3467

https://access.redhat.com/errata/RHSA-2025:3465

https://access.redhat.com/errata/RHSA-2025:3989

https://nvd.nist.gov/vuln/detail/CVE-2025-23367

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23367

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23367

EUVD