Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-23368

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

Published

2025-03-04T16:15:39.270

Last Modified

2025-10-14T16:56:41.847

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	data_grid	8.0	Yes
Application	redhat	jboss_enterprise_application_platform	7.0.0	Yes
Application	redhat	jboss_enterprise_application_platform	8.0.0	Yes
Application	redhat	wildfly_elytron	-	Yes

References

https://access.redhat.com/security/cve/CVE-2025-23368 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2337621 Vendor Advisory ([email protected])
https://www.gruppotim.it/it/footer/red-team.html Third Party Advisory ([email protected])