
PatchSiren cyber security CVE debrief

CVE-2025-23368 Red Hat CVE debrief

A high-severity authentication weakness in WildFly Elytron integration allows brute-force attacks against the CLI due to insufficient rate limiting on failed authentication attempts. The vulnerability affects WildFly Core versions prior to 31.0.3, Red Hat Data Grid 8.0, and JBoss Enterprise Application Platform 7.0.0 and 8.0.0. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates network attack vector with high attack complexity but no privileges or user interaction required, yielding complete confidentiality, integrity, and availability impact. The CWE-307 classification confirms improper restriction of excessive authentication attempts. Red Hat has issued multiple security advisories (RHSA-2026:18054, RHSA-2026:18055, RHSA-2026:18059) addressing this issue. A third-party advisory from Gruppo TIM's red team is also referenced, suggesting potential exploit research attention.

Vendor: Red Hat
Product: Red Hat JBoss Enterprise Application Platform 8.1
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-04
Original CVE updated: 2026-05-18
Advisory published: 2025-03-04
Advisory updated: 2026-05-18

Who should care

Organizations running WildFly Core versions prior to 31.0.3, Red Hat JBoss Enterprise Application Platform 7.x or 8.x, or Red Hat Data Grid 8.0 with exposed CLI interfaces. This also concerns security teams responsible for Java application server infrastructure and identity management administrators who rely on Elytron-based authentication.

Technical summary

The WildFly Elytron security framework fails to implement adequate protections against rapid successive authentication failures through its command-line interface. This deficiency enables attackers to conduct brute-force credential guessing attacks without triggering account lockouts or significant delays. The vulnerability is remotely exploitable over the network with high attack complexity, requiring no user interaction or privileges. Successful exploitation grants complete system compromise (confidentiality, integrity, and availability). The issue was resolved in WildFly Core 31.0.3 and addressed through Red Hat security advisories for affected enterprise products.

Defensive priority

HIGH

Recommended defensive actions

  • Apply Red Hat security advisories RHSA-2026:18054, RHSA-2026:18055, or RHSA-2026:18059 as applicable to your product version
  • Upgrade WildFly Core to version 31.0.3 or later
  • Implement network-level rate limiting and monitoring for CLI access attempts
  • Enable account lockout policies and failed authentication alerting in WildFly Elytron configuration
  • Restrict CLI access to administrative hosts via firewall rules or network segmentation
  • Review authentication logs for anomalous CLI access patterns indicative of brute-force activity
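The last action above, reviewing logs for brute-force patterns, can be automated with a sliding-window counter of failed CLI authentications per source. The following is an added example, not code from PatchSiren, Red Hat or WildFly; the log lines and their "AUTH_FAIL user= src=" layout are constructed for the demo and are not Elytron's real server.log format, so the regex must be adapted to the actual audit output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an ASSUMED "<ISO timestamp> <outcome> user=<u> src=<ip>" layout.
# This is not WildFly's or Elytron's real log format; adapt LINE_RE to your server.log.
SAMPLE_LOG = """\
2025-03-04T10:00:00Z AUTH_FAIL user=admin src=203.0.113.7
2025-03-04T10:00:02Z AUTH_FAIL user=admin src=203.0.113.7
2025-03-04T10:00:03Z AUTH_FAIL user=root src=203.0.113.7
2025-03-04T10:00:05Z AUTH_FAIL user=admin src=203.0.113.7
2025-03-04T10:00:06Z AUTH_FAIL user=deploy src=203.0.113.7
2025-03-04T10:00:07Z AUTH_OK user=admin src=203.0.113.7
2025-03-04T10:05:00Z AUTH_FAIL user=alice src=198.51.100.9
2025-03-04T10:15:00Z AUTH_FAIL user=alice src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)$")

def parse(line):
    """Return (timestamp, outcome, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= `threshold` failed logins inside any sliding `window`.

    Returns {src: {"first_seen", "failures", "distinct_users", "success_after_burst"}}.
    A success from a source that was already flagged is the highest-signal case
    (a guessed credential), so it is recorded separately."""
    recent = defaultdict(deque)   # src -> deque of (ts, user) failures still in the window
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, user, src = rec
        q = recent[src]
        while q and ts - q[0][0] > window:   # expire failures older than the window
            q.popleft()
        if outcome == "AUTH_FAIL":
            q.append((ts, user))
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"first_seen": ts, "failures": len(q),
                               "distinct_users": len({u for _, u in q}),
                               "success_after_burst": False}
        elif outcome == "AUTH_OK" and src in alerts:
            alerts[src]["success_after_burst"] = True
    return alerts
```

With the defaults, only 203.0.113.7 is flagged (five failures in six seconds across three usernames, followed by a success); the two failures from 198.51.100.9 are ten minutes apart and stay below threshold unless the window is widened.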

Evidence notes

CVE published 2025-03-04; modified 2026-05-18. CPE criteria confirm affected versions: WildFly Core <31.0.3, Data Grid 8.0, JBoss EAP 7.0.0 and 8.0.0. CVSS 8.1 HIGH severity. CWE-307: Improper Restriction of Excessive Authentication Attempts.

Official resources

2025-03-04T16:15:39.270Z