VDB
CISA-2025-2251
CISA-2025-2251
PUBLISHED
CVSS 6.2 MEDIUM
Reported by redhat · Published April 7, 2025
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
Risk Scores
CVSS 3.1
6.2
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 | ||
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4.23 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:2.16.0-21.redhat_00055.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:3.5.10-1.redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 1:1.0.2-5.redhat_00004.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:1.9.6-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:2.3.14-9.SP10_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:3.3.27-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:6.0.23-3.SP2_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:1.5.21-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:1.10.0-42.Final_redhat_00042.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:5.4.15-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:7.4.23-3.GA_redhat_00002.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | 0:1.15.26-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 0:2.16.0-21.redhat_00055.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 0:3.5.10-1.redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 1:1.0.2-5.redhat_00004.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 0:1.9.6-1.Final_redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 0:2.3.14-9.SP10_redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | 0:3.3.27-1.Final_redhat_00001.1.el9eap |
…and 136 more
Timeline
- Apr 7, 2025 CVE Published
- Nov 11, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2025:10452 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:10453 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:10459 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:10924 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:10925 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:10926 vendor-advisoryx_refsource_REDHAT
- RHSA-2025:10931 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2351678 issue-trackingx_refsource_REDHAT