CVE-2025-23368

{"id": "CVE-2025-23368", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2025-03-04T16:15:39.270", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-23368", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621", "source": "secalert@redhat.com"}, {"url": "https://www.gruppotim.it/it/footer/red-team.html", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la integraci\u00f3n de Wildfly Elytron. El componente no implementa medidas suficientes para evitar m\u00faltiples intentos fallidos de autenticaci\u00f3n en un corto per\u00edodo de tiempo, lo que lo hace m\u00e1s susceptible a ataques de fuerza bruta a trav\u00e9s de la interfaz de l\u00ednea de comandos."}], "lastModified": "2025-05-31T19:15:20.510", "sourceIdentifier": "secalert@redhat.com"}