CVE-2025-23366: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
AI Analysis
Technical Summary
This vulnerability involves improper neutralization of input in the HAL Console of Wildfly, leading to stored cross-site scripting (XSS). Authenticated users with elevated management privileges can inject malicious scripts that are then served to other users, potentially compromising confidentiality and integrity of data viewed in the management console. The issue is tracked as CVE-2025-23366 with a CVSS score of 6.5. Red Hat has published security advisories RHSA-2025:10924 and RHSA-2025:10925 detailing patches included in JBoss Enterprise Application Platform 7.4.23 for RHEL 7 and 8 respectively. These updates fix the vulnerability by upgrading the HAL Console component and related dependencies.
Potential Impact
Successful exploitation allows an authenticated user with management privileges to execute arbitrary scripts in the context of the management console web interface, potentially leading to unauthorized disclosure or modification of sensitive information accessible through the console. The vulnerability does not impact availability. The CVSS score of 6.5 reflects high impact on confidentiality and integrity but requires high privileges and no user interaction.
Mitigation Recommendations
An official security update is available from Red Hat in JBoss Enterprise Application Platform 7.4.23 for both RHEL 7 and RHEL 8. Users should apply this update after ensuring all prior errata are applied and backing up their systems. The update upgrades the HAL Console component to version 3.3.27, which contains the fix for this XSS vulnerability. No additional mitigations are indicated by the vendor advisory. Patch status is confirmed by Red Hat advisories RHSA-2025:10924 and RHSA-2025:10925.
CVE-2025-23366: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper neutralization of input in the HAL Console of Wildfly, leading to stored cross-site scripting (XSS). Authenticated users with elevated management privileges can inject malicious scripts that are then served to other users, potentially compromising confidentiality and integrity of data viewed in the management console. The issue is tracked as CVE-2025-23366 with a CVSS score of 6.5. Red Hat has published security advisories RHSA-2025:10924 and RHSA-2025:10925 detailing patches included in JBoss Enterprise Application Platform 7.4.23 for RHEL 7 and 8 respectively. These updates fix the vulnerability by upgrading the HAL Console component and related dependencies.
Potential Impact
Successful exploitation allows an authenticated user with management privileges to execute arbitrary scripts in the context of the management console web interface, potentially leading to unauthorized disclosure or modification of sensitive information accessible through the console. The vulnerability does not impact availability. The CVSS score of 6.5 reflects high impact on confidentiality and integrity but requires high privileges and no user interaction.
Mitigation Recommendations
An official security update is available from Red Hat in JBoss Enterprise Application Platform 7.4.23 for both RHEL 7 and RHEL 8. Users should apply this update after ensuring all prior errata are applied and backing up their systems. The update upgrades the HAL Console component to version 3.3.27, which contains the fix for this XSS vulnerability. No additional mitigations are indicated by the vendor advisory. Patch status is confirmed by Red Hat advisories RHSA-2025:10924 and RHSA-2025:10925.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-01-14T15:23:42.645Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2025:10924","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:10925","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:10926","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-23366","vendor":"Red Hat"}]
Threat ID: 68b38a1cad5a09ad0096159f
Added to database: 8/30/2025, 11:32:44 PM
Last enriched: 5/1/2026, 2:05:28 AM
Last updated: 5/9/2026, 8:00:53 AM
Views: 180
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.