CVE-2025-23368
HIGH SEVERITY
CVSS Score & Metrics
Base Score
8.1 / 10
Vulnerability Description
A flaw was found in the WildFly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute-force attacks via the CLI.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
maven
Product
org.wildfly.core:wildfly-elytron-integration
External References
- https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qhp6-6p8p-2rqh
- https://nvd.nist.gov/vuln/detail/CVE-2025-23368
- https://github.com/wildfly/wildfly-core/pull/6634
- https://github.com/wildfly/wildfly-core/pull/6635
- https://github.com/wildfly/wildfly-core/commit/11e873031c522a0b36afb59880ce4dd59efd0bc0
- https://github.com/wildfly/wildfly-core/commit/a6f9d7534aa44de741337756f8377ad3a81f7695
- https://access.redhat.com/security/cve/CVE-2025-23368
- https://bugzilla.redhat.com/show_bug.cgi?id=2337621
- https://www.gruppotim.it/it/footer/red-team.html
- https://github.com/advisories/GHSA-qhp6-6p8p-2rqh