CVE-2025-23368

Exploit

EPSS 0.19%
Veröffentlicht 04.03.2025 16:15:39
Zuletzt bearbeitet 13.02.2026 16:43:08
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 4 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Wildfly Core Version < 31.0.3

Redhat ≫ Data Grid Version8.0

Redhat ≫ Jboss Enterprise Application Platform Version7.0.0

Redhat ≫ Jboss Enterprise Application Platform Version8.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.406

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.gruppotim.it/it/footer/red-team.html

Third Party Advisory

Exploit

https://access.redhat.com/security/cve/CVE-2025-23368

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2337621

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-23368

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23368

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23368

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-23368