CVE-2025-23367
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server.
The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.
Vendor
Product
CWE
Yayın Tarihi
2025-01-30 15:15:18
Güncelleme
2026-02-10 14:16:09
Source Identifier
secalert@redhat.com
KEV Date Added
-
Kategoriler
Referanslar
https://access.redhat.com/errata/RHSA-2025:3465
https://access.redhat.com/errata/RHSA-2025:3467
https://access.redhat.com/errata/RHSA-2025:3989
https://access.redhat.com/errata/RHSA-2025:3990
https://access.redhat.com/errata/RHSA-2025:3992
https://access.redhat.com/security/cve/CVE-2025-23367
https://bugzilla.redhat.com/show_bug.cgi?id=2337620
https://github.com/advisories/GHSA-qr6x-62gq-4ccp