VDB

CISA-2025-2251

CISA-2025-2251 PUBLISHED CVSS 6.2 MEDIUM

Reported by redhat · Published April 7, 2025

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

Risk Scores

CVSS 3.1
6.2
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

Affected Products

VendorProductVersions
0
Red HatRed Hat JBoss Enterprise Application Platform 7.4.23
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:2.16.0-21.redhat_00055.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:3.5.10-1.redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 81:1.0.2-5.redhat_00004.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:1.9.6-1.Final_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:2.3.14-9.SP10_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:3.3.27-1.Final_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:6.0.23-3.SP2_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:1.5.21-1.Final_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:1.10.0-42.Final_redhat_00042.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:5.4.15-1.Final_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:7.4.23-3.GA_redhat_00002.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 80:1.15.26-1.Final_redhat_00001.1.el8eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:2.16.0-21.redhat_00055.1.el9eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:3.5.10-1.redhat_00001.1.el9eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 91:1.0.2-5.redhat_00004.1.el9eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:1.9.6-1.Final_redhat_00001.1.el9eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:2.3.14-9.SP10_redhat_00001.1.el9eap
Red HatRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 90:3.3.27-1.Final_redhat_00001.1.el9eap

…and 136 more

Timeline

  • Apr 7, 2025 CVE Published
  • Nov 11, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›