Incorrect Authorization Affecting wildfly package, versions <35.0.1-r17
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Incorrect Authorization vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-CHAINGUARDLATEST-WILDFLY-9653206
- published4 Apr 2025
- disclosed1 Apr 2025
Introduced: 1 Apr 2025
NewCVE-2025-27427 (opens in a new tab)How to fix?
Upgrade Chainguard wildfly to version 35.0.1-r17 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream wildfly package and not the wildfly package as distributed by Chainguard.
See How to fix? for Chainguard relevant fixed versions and status.
A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When combined with the send permission and automatic queue creation a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address.
This issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0.
Users are recommended to upgrade to version 2.40.0 which fixes the issue.