High severity 8.1 · OSV Advisory · Published Mar 4, 2025 · Updated Jun 30, 2026
CVE-2025-23368
Description
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wildfly.core:wildfly-elytron-integration (Maven) | >= 32.0.0.Beta1, < 32.0.0.Beta3 | 32.0.0.Beta3 |
| org.wildfly.core:wildfly-elytron-integration (Maven) | < 31.0.3.Final | 31.0.3.Final |
Affected products (2)
- Range: 1.0.0.Alpha1, 1.0.0.Alpha10, 1.0.0.Alpha11, …
- ghsa-coords Range: >= 32.0.0.Beta1, < 32.0.0.Beta3
References (14)
- www.gruppotim.it/it/footer/red-team.html (nvd: Exploit, Third Party Advisory, WEB)
- access.redhat.com/security/cve/CVE-2025-23368 (nvd: Vendor Advisory, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: Vendor Advisory, WEB)
- github.com/advisories/GHSA-qhp6-6p8p-2rqh (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-23368 (ghsa: ADVISORY)
- github.com/wildfly/wildfly-core/commit/11e873031c522a0b36afb59880ce4dd59efd0bc0 (ghsa: WEB)
- github.com/wildfly/wildfly-core/commit/a6f9d7534aa44de741337756f8377ad3a81f7695 (ghsa: WEB)
- github.com/wildfly/wildfly-core/pull/6634 (ghsa: WEB)
- github.com/wildfly/wildfly-core/pull/6635 (ghsa: WEB)
- github.com/wildfly/wildfly-core/security/advisories/GHSA-qhp6-6p8p-2rqh (ghsa: WEB)
- access.redhat.com/errata/RHSA-2026:18054 (nvd)
- access.redhat.com/errata/RHSA-2026:18055 (nvd)
- access.redhat.com/errata/RHSA-2026:18059 (nvd)
- access.redhat.com/errata/RHSA-2026:33371 (nvd)