CVE-2025-23368: org.wildfly.core:wildfly-elytron-integration: WildFly Elytron brute force attack via CLI

Description

A flaw was found in the WildFly Elytron integration. The component does not implement sufficient measures to limit repeated failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via the CLI.

Classification

CVE ID: CVE-2025-23368

Problem Types

Improper Restriction of Excessive Authentication Attempts

Affected Products

Vendor: Red Hat

Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat Fuse 7, Red Hat Integration Camel K 1, Red Hat JBoss Data Grid 7, Red Hat JBoss Enterprise Application Platform 7, Red Hat JBoss Enterprise Application Platform 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Process Automation 7, Red Hat Single Sign-On 7

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (estimated probability of exploitation)

EPSS Percentile: 22.75% (share of all scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-02 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23368
https://access.redhat.com/security/cve/CVE-2025-23368
https://bugzilla.redhat.com/show_bug.cgi?id=2337621

Timeline