Description

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

INFO

Published Date :

2025-01-30T14:30:04.227Z

Last Modified :

2026-04-01T13:29:56.943Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23367 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Jboss Enterprise Bpms Platform
  • Jboss Fuse
  • Jbosseapxp
  • Red Hat Single Sign On
  • Wildfly
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23367.

URL Resource
https://access.redhat.com/errata/RHSA-2025:3465 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3467 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3989 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3990 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:3992 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2025-23367 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2337620 cve-icon cve-icon
https://github.com/advisories/GHSA-qr6x-62gq-4ccp cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-23367 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-23367 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact