VDB

RHSA-2025:1635

RHSA-2025:1635 PUBLISHED CVSS 7.1 HIGH

A flaw was found in the createTempFile method of hornetq. Affected versions of hornetq allow attackers to arbitrarily overwrite files or access sensitive information.

Risk Scores

CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Red Hat | None.ansi-styles-3.2.1 as a component of Red Hat JBoss Enterprise Application Platform | None.ansi-styles-3.2.1 |
| Red Hat | org.jboss.eap.wildfly-clustering-singleton-api-7.4.21.GA-redhat-00001.jar as a component of Red Hat JBoss Enterprise Application Platform | org.jboss.eap.wildfly-clustering-singleton-api-7.4.21.GA-redhat-00001.jar |
| Red Hat | org.wildfly.core.wildfly-remoting-15.0.40.Final-redhat-00002.jar as a component of Red Hat JBoss Enterprise Application Platform | org.wildfly.core.wildfly-remoting-15.0.40.Final-redhat-00002.jar |
| Red Hat | org.codehaus.jackson.jackson-mapper-asl-1.9.13.redhat-00007.jar as a component of Red Hat JBoss Enterprise Application Platform | * |
| Red Hat | None.patternfly-bootstrap-treeview-2.1.5 as a component of Red Hat JBoss Enterprise Application Platform | * |
| Red Hat | org.projectodd.vdx.vdx-wildfly-1.1.6.redhat-1.jar as a component of Red Hat JBoss Enterprise Application Platform | org.projectodd.vdx.vdx-wildfly-1.1.6.redhat-1.jar |
| Red Hat | io.netty.netty-codec-smtp-4.1.108.Final-redhat-00001.jar as a component of Red Hat JBoss Enterprise Application Platform | io.netty.netty-codec-smtp-4.1.108.Final-redhat-00001.jar |
| Red Hat | None.spdx-exceptions-2.2.0 as a component of Red Hat JBoss Enterprise Application Platform | None.spdx-exceptions-2.2.0 |
| Red Hat | org.hibernate.hibernate-search-serialization-avro-5.10.13.Final-redhat-00001.jar as a component of Red Hat JBoss Enterprise Application Platform | org.hibernate.hibernate-search-serialization-avro-5.10.13.Final-redhat-00001.jar |
| Red Hat | None.trim-trailing-lines-1.1.2 as a component of Red Hat JBoss Enterprise Application Platform | None.trim-trailing-lines-1.1.2 |
| Red Hat | org.jboss.eap.wildfly-iiop-openjdk-7.4.21.GA-redhat-00001.jar as a component of Red Hat JBoss Enterprise Application Platform | org.jboss.eap.wildfly-iiop-openjdk-7.4.21.GA-redhat-00001.jar |
| Red Hat | None.deferred-leveldown-5.3.0 as a component of Red Hat JBoss Enterprise Application Platform | * |
| Red Hat | None.use-3.1.1 as a component of Red Hat JBoss Enterprise Application Platform | None.use-3.1.1 |
| Red Hat | @types.d3-dispatch-1.0.6 as a component of Red Hat JBoss Enterprise Application Platform | @types.d3-dispatch-1.0.6 |
| Red Hat | None.p-try-1.0.0 as a component of Red Hat JBoss Enterprise Application Platform | None.p-try-1.0.0 |
| Red Hat | org.jboss.security.jboss-negotiation-spnego-3.0.6.Final-redhat-00001.pom as a component of Red Hat JBoss Enterprise Application Platform | org.jboss.security.jboss-negotiation-spnego-3.0.6.Final-redhat-00001.pom |
| Red Hat | org.jboss.narayana.compensations.compensations-5.11.4.Final-redhat-00001.pom as a component of Red Hat JBoss Enterprise Application Platform | org.jboss.narayana.compensations.compensations-5.11.4.Final-redhat-00001.pom |
| Red Hat | None.grunt-legacy-util-1.1.1 as a component of Red Hat JBoss Enterprise Application Platform | None.grunt-legacy-util-1.1.1 |
| Red Hat | None.tiny-emitter-2.1.0 as a component of Red Hat JBoss Enterprise Application Platform | * |
| Red Hat | None.d3-array-1.2.4 as a component of Red Hat JBoss Enterprise Application Platform | None.d3-array-1.2.4 |

…and 2176 more

Timeline

  • Feb 18, 2025 CVE Published
  • Apr 30, 2026 CVE Updated
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory