CVE-2025-23368
Published: 04 March 2025
Summary
CVE-2025-23368 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Red Hat JBoss Enterprise Application Platform. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). The CVE ranks in the top 41.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-23368, published on 2025-03-04, is a vulnerability in the WildFly Elytron integration. The affected component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, leaving it more susceptible to brute force attacks via the CLI. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H) and maps to CWE-307: Improper Restriction of Excessive Authentication Attempts.
Remote network attackers can exploit this flaw without privileges or user interaction, although the attack complexity is rated high. By brute-forcing the CLI authentication mechanism, an attacker can potentially gain unauthorized access, with high impact on confidentiality, integrity, and availability.
Mitigation details are available in the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2025-23368 and the associated Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2337621.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7628
Vulnerability details
A flaw was found in WildFly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a lack of rate limiting on authentication attempts in the WildFly Elytron CLI mechanism, which directly enables brute force attacks (T1110) to obtain unauthorized access.
Mitigating Controls (NIST 800-53 r5)
AC-7 directly enforces limits on consecutive unsuccessful logon attempts and account lockouts, comprehensively mitigating the brute force vulnerability in WildFly Elytron CLI authentication.
SI-2 requires timely identification, reporting, and correction of flaws such as the insufficient brute-force protections in the WildFly Elytron integration.
AU-12 ensures audit records are generated for failed authentication events, enabling detection of brute force patterns targeting the vulnerable CLI mechanism.
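The AC-7 lockout logic and the AU-12 detection replay described above, as an added Python example that is not part of this advisory nor of WildFly or JBoss EAP: the thresholds, the audit line format and the sample records are constructed assumptions, and the same policy object serves both as the enforcement the CLI path lacks and as a detector run over audit records.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Hypothetical policy values: AC-7 leaves the actual thresholds to the organisation.
MAX_FAILURES = 5                 # failures tolerated inside WINDOW before lockout
WINDOW = timedelta(minutes=15)
LOCKOUT = timedelta(minutes=30)

class LockoutPolicy:
    """Per-principal failure counter with temporary lockout (the AC-7 control
    the vulnerable CLI authentication path does not enforce)."""
    def __init__(self):
        self.failures = defaultdict(deque)   # principal -> recent failure times
        self.locked_until = {}               # principal -> lockout expiry
    def is_locked(self, principal, now):
        until = self.locked_until.get(principal)
        return until is not None and now < until
    def record_failure(self, principal, now):
        """Record one failed attempt; return True if it triggers a lockout."""
        recent = self.failures[principal]
        recent.append(now)
        while now - recent[0] > WINDOW:      # forget failures older than WINDOW
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[principal] = now + LOCKOUT
            recent.clear()
            return True
        return False

# Constructed audit records in a made-up format, not WildFly's real audit output:
# six rapid failures for "admin", then one more after the lockout would have expired.
SAMPLE_AUDIT = "\n".join(
    [f"2025-03-04T10:00:0{i}Z auth_failure principal=admin src=192.0.2.10" for i in range(1, 7)]
    + ["2025-03-04T10:31:00Z auth_failure principal=admin src=192.0.2.10"])

def replay(audit_text):
    """Replay AU-12-style audit records through the policy (the detection side).
    Returns (lockout events, attempts that arrived while the principal was locked)."""
    policy, lockouts, denied = LockoutPolicy(), [], []
    for line in audit_text.splitlines():
        ts, event, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        who = kv["principal"]
        now = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if policy.is_locked(who, now):
            denied.append((who, kv["src"], ts))
        elif event == "auth_failure" and policy.record_failure(who, now):
            lockouts.append((who, kv["src"], ts))
    return lockouts, denied
```

Running `replay(SAMPLE_AUDIT)` flags the fifth failure as the lockout event and reports the sixth attempt as denied; the attempt at 10:31:00 is accepted for evaluation again because the 30-minute lockout has expired, so it starts a fresh count.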