{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25872?format=json","vulnerability_id":"VCID-aqrs-a7v7-6kfh","summary":"WildFly improper RBAC permission\nA flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.\n\n### Impact\nStandalone server (Domain mode is not affected) with use access control enabled with RBAC provider can be suspended or resumed by unauthorized users. When a server is suspended, the server will stop receiving user requests. The resume handle does the opposite; it will cause a suspended server to start accepting user requests.\n\n### Patches\nFixed in [WildFly Core 27.0.1.Final](https://github.com/wildfly/wildfly-core/releases/tag/27.0.1.Final)\n\n### Workarounds\nNo workaround available\n\n### References\nSee also: https://issues.redhat.com/browse/WFCORE-7153\n\n### Acknowledgements\nThe WildFly project would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue. https://www.gruppotim.it/it/footer/red-team.html","aliases":[{"alias":"CVE-2025-23367"},{"alias":"GHSA-qr6x-62gq-4ccp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69159?format=json","purl":"pkg:maven/org.wildfly.core/wildfly-server@27.0.1.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@27.0.1.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/69161?format=json","purl":"pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69160?format=json","purl":"pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/89896?format=json","purl":"pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89927?format=json","purl":"pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89882?format=json","purl":"pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89919?format=json","purl":"pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89900?format=json","purl":"pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89883?format=json","purl":"pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89917?format=json","purl":"pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89898?format=json","purl":"pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/89936?format=json","purl":"pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j1w-c84m-b3h3"},{"vulnerability":"VCID-5vth-uvb8-kke2"},{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-epex-9q5x-ykf3"},{"vulnerability":"VCID-myp6-7rre-euex"},{"vulnerability":"VCID-pwnn-qx48-ykae"},{"vulnerability":"VCID-tp3n-7ac7-aqg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587080?format=json","purl":"pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587069?format=json","purl":"pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587076?format=json","purl":"pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587064?format=json","purl":"pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587078?format=json","purl":"pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587068?format=json","purl":"pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587065?format=json","purl":"pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587073?format=json","purl":"pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587077?format=json","purl":"pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587063?format=json","purl":"pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587079?format=json","purl":"pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587067?format=json","purl":"pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587082?format=json","purl":"pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587072?format=json","purl":"pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587071?format=json","purl":"pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587074?format=json","purl":"pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587066?format=json","purl":"pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587075?format=json","purl":"pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587081?format=json","purl":"pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/587070?format=json","purl":"pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/91397?format=json","purl":"pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/91396?format=json","purl":"pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1%3Farch=el9eap"},{"url":"http://public2.vulnerablecode.io/api/packages/91792?format=json","purl":"pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/91793?format=json","purl":"pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1?arch=el9eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aqrs-a7v7-6kfh"},{"vulnerability":"VCID-rkxb-8u8q-1ua4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1%3Farch=el9eap"}],"references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3465","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3467","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3989","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3990","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3990"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3992","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3992"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4548","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4549","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4550","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4552","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:4552"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23367.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23367.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-23367","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-23367"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23367","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41768","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42012","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42061","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42034","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41964","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41903","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41897","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41812","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41672","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.4174","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41758","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41668","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41693","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42053","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41991","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42041","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42075","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337620","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337620"},{"reference_url":"https://github.com/wildfly/wildfly-core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wildfly/wildfly-core"},{"reference_url":"https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qr6x-62gq-4ccp","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qr6x-62gq-4ccp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23367","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23367"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-qr6x-62gq-4ccp","reference_id":"GHSA-qr6x-62gq-4ccp","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/"}],"url":"https://github.com/advisories/GHSA-qr6x-62gq-4ccp"}],"weaknesses":[{"cwe_id":284,"name":"Improper Access Control","description":"The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqrs-a7v7-6kfh"}