CVE-2025-23368Improper Restriction of Excessive Authentication Attempts in Redhat Wildfly Core

CWE-307Improper Restriction of Excessive Authentication Attempts6 documents5 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 59.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Redhat Wildfly CoreRedhat Data GridRedhat Jboss Enterprise Application Platform
Timeline
PublishedMar 4
Latest updateFeb 13

Description

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

NVDredhat/wildfly_core< 31.0.3

🔴Vulnerability Details

4
GHSA
Wildfly Elytron integration susceptible to brute force attacks via CLI2026-02-13
OSV
Wildfly Elytron integration susceptible to brute force attacks via CLI2026-02-13
OSV
Duplicate Advisory: Wildfly Elytron integration susceptible to brute force attacks via CLI2025-03-04
CVEList
Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli2025-03-04

📋Vendor Advisories

1
Red Hat
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI2025-03-03
CVE-2025-23368 — Redhat Wildfly Core vulnerability | cvebase