Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-23367

Good to know:

icon
icon

Date: January 30, 2025

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

Severity Score

Related Resources (9)

https://access.redhat.com/errata/RHSA-2025:3465
https://access.redhat.com/security/cve/CVE-2025-23367
https://nvd.nist.gov/vuln/detail/CVE-2025-23367
https://github.com/advisories/GHSA-qr6x-62gq-4ccp
https://github.com/wildfly/wildfly-core
https://bugzilla.redhat.com/show_bug.cgi?id=2337620
https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qr6x-62gq-4ccp
https://access.redhat.com/errata/RHSA-2025:3467
https://www.mend.io/vulnerability-database/CVE-2025-23367

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

icon

Upgrade Version

Upgrade to version org.wildfly.core:wildfly-server:27.0.1.Final;org.amqphub.jca:resource-adapter-thorntail-example:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us