CVE-2025-23367: Improper Access Control
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
AI Analysis
Technical Summary
The vulnerability CVE-2025-23367 involves improper access control in the Wildfly Server RBAC provider. Specifically, the Suspend and Resume handlers fail to validate user permissions, allowing users with Monitor or Auditor roles—intended to have only read access—to suspend or resume the server. This flaw is present in Red Hat JBoss Enterprise Application Platform 7.4 prior to version 7.4.21. Red Hat has issued an important security update that fixes this issue as part of their JBoss Enterprise Application Platform 7.4.21 security update.
Potential Impact
Exploitation of this vulnerability allows users with limited read-only roles (Monitor or Auditor) to perform unauthorized management operations, specifically suspending or resuming the server. While this does not lead to confidentiality or integrity loss, it can cause denial of service by disrupting server availability. The CVSS v3.1 base score is 6.5 (medium severity), reflecting the potential for availability impact without privilege escalation or data compromise.
Mitigation Recommendations
A security update fixing this vulnerability is available in Red Hat JBoss Enterprise Application Platform 7.4.21. Users should apply this official patch to remediate the issue. Before updating, ensure all previous errata are applied and back up existing installations and configurations. Refer to Red Hat's official guidance at https://access.redhat.com/articles/11258 for update instructions. No additional mitigation is required as the patch fully addresses the improper access control flaw.
CVE-2025-23367: Improper Access Control
Description
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-23367 involves improper access control in the Wildfly Server RBAC provider. Specifically, the Suspend and Resume handlers fail to validate user permissions, allowing users with Monitor or Auditor roles—intended to have only read access—to suspend or resume the server. This flaw is present in Red Hat JBoss Enterprise Application Platform 7.4 prior to version 7.4.21. Red Hat has issued an important security update that fixes this issue as part of their JBoss Enterprise Application Platform 7.4.21 security update.
Potential Impact
Exploitation of this vulnerability allows users with limited read-only roles (Monitor or Auditor) to perform unauthorized management operations, specifically suspending or resuming the server. While this does not lead to confidentiality or integrity loss, it can cause denial of service by disrupting server availability. The CVSS v3.1 base score is 6.5 (medium severity), reflecting the potential for availability impact without privilege escalation or data compromise.
Mitigation Recommendations
A security update fixing this vulnerability is available in Red Hat JBoss Enterprise Application Platform 7.4.21. Users should apply this official patch to remediate the issue. Before updating, ensure all previous errata are applied and back up existing installations and configurations. Refer to Red Hat's official guidance at https://access.redhat.com/articles/11258 for update instructions. No additional mitigation is required as the patch fully addresses the improper access control flaw.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- redhat
- Date Reserved
- 2025-01-14T15:23:42.645Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2025:3465","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:3467","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:3989","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:3990","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2025:3992","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2025-23367","vendor":"Red Hat"}]
Threat ID: 682d981bc4522896dcbd9e1d
Added to database: 5/21/2025, 9:08:43 AM
Last enriched: 5/1/2026, 2:05:39 AM
Last updated: 5/8/2026, 6:45:39 PM
Views: 85
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.