Home
MEDIUM: 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:HDefault status
unaffected
Any version before 36.0.0
affected
Default status
unaffected
Default status
affected
0:2.16.0-21.redhat_00055.1.el8eap (rpm) before *
unaffected
Default status
affected
0:3.5.10-1.redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
1:1.0.2-5.redhat_00004.1.el8eap (rpm) before *
unaffected
Default status
affected
0:1.9.6-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.3.14-9.SP10_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:3.3.27-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:6.0.23-3.SP2_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:1.5.21-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:1.10.0-42.Final_redhat_00042.1.el8eap (rpm) before *
unaffected
Default status
affected
0:5.4.15-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:7.4.23-3.GA_redhat_00002.1.el8eap (rpm) before *
unaffected
Default status
affected
0:1.15.26-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.16.0-21.redhat_00055.1.el9eap (rpm) before *
unaffected
Default status
affected
0:3.5.10-1.redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
1:1.0.2-5.redhat_00004.1.el9eap (rpm) before *
unaffected
Default status
affected
0:1.9.6-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.3.14-9.SP10_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:3.3.27-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:6.0.23-3.SP2_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:1.5.21-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:1.10.0-42.Final_redhat_00042.1.el9eap (rpm) before *
unaffected
Default status
affected
0:5.4.15-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:7.4.23-3.GA_redhat_00002.1.el9eap (rpm) before *
unaffected
Default status
affected
0:1.15.26-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.16.0-21.redhat_00055.1.el7eap (rpm) before *
unaffected
Default status
affected
0:3.5.10-1.redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
1:1.0.2-5.redhat_00004.1.el7eap (rpm) before *
unaffected
Default status
affected
0:1.9.6-1.Final_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
0:2.3.14-9.SP10_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
0:3.3.27-1.Final_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
0:6.0.23-3.SP2_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
0:1.5.21-1.Final_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
0:1.10.0-42.Final_redhat_00042.1.el7eap (rpm) before *
unaffected
Default status
affected
0:5.4.15-1.Final_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
affected
0:7.4.23-3.GA_redhat_00002.1.el7eap (rpm) before *
unaffected
Default status
affected
0:1.15.26-1.Final_redhat_00001.1.el7eap (rpm) before *
unaffected
Default status
unaffected
Default status
affected
0:2.33.0-3.redhat_00017.1.el8eap (rpm) before *
unaffected
Default status
affected
0:1.11.0-1.redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:4.0.6-2.redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:0.8.12-1.redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:800.8.0-1.GA_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:4.0.3-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.1.1-1.redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:3.6.24-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:6.2.36-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:4.1.5-4.redhat_00006.1.el8eap (rpm) before *
unaffected
Default status
affected
0:5.0.31-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:7.3.3-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:6.0.6-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:3.2.1-1.redhat_00002.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.2.21-3.redhat_00002.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.0.17-1.redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.3.0-4.redhat_00010.1.el8eap (rpm) before *
unaffected
Default status
affected
0:8.0.8-4.GA_redhat_00006.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.2.11-1.Final_redhat_00001.1.el8eap (rpm) before *
unaffected
Default status
affected
0:2.33.0-3.redhat_00017.1.el9eap (rpm) before *
unaffected
Default status
affected
0:1.11.0-1.redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:4.0.6-2.redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:0.8.12-1.redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:800.8.0-1.GA_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:4.0.3-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.1.1-1.redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:3.6.24-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:6.2.36-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:4.1.5-4.redhat_00006.1.el9eap (rpm) before *
unaffected
Default status
affected
0:5.0.31-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:7.3.3-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:6.0.6-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:3.2.1-1.redhat_00002.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.2.21-3.redhat_00002.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.0.17-1.redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.3.0-4.redhat_00010.1.el9eap (rpm) before *
unaffected
Default status
affected
0:8.0.8-4.GA_redhat_00006.1.el9eap (rpm) before *
unaffected
Default status
affected
0:2.2.11-1.Final_redhat_00001.1.el9eap (rpm) before *
unaffected
Default status
unaffected
Description
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
Problem types
Deserialization of Untrusted Data
Product status
Any version before 36.0.0
0:2.16.0-21.redhat_00055.1.el8eap (rpm) before *
0:3.5.10-1.redhat_00001.1.el8eap (rpm) before *
1:1.0.2-5.redhat_00004.1.el8eap (rpm) before *
0:1.9.6-1.Final_redhat_00001.1.el8eap (rpm) before *
0:2.3.14-9.SP10_redhat_00001.1.el8eap (rpm) before *
0:3.3.27-1.Final_redhat_00001.1.el8eap (rpm) before *
0:6.0.23-3.SP2_redhat_00001.1.el8eap (rpm) before *
0:1.5.21-1.Final_redhat_00001.1.el8eap (rpm) before *
0:1.10.0-42.Final_redhat_00042.1.el8eap (rpm) before *
0:5.4.15-1.Final_redhat_00001.1.el8eap (rpm) before *
0:7.4.23-3.GA_redhat_00002.1.el8eap (rpm) before *
0:1.15.26-1.Final_redhat_00001.1.el8eap (rpm) before *
0:2.16.0-21.redhat_00055.1.el9eap (rpm) before *
0:3.5.10-1.redhat_00001.1.el9eap (rpm) before *
1:1.0.2-5.redhat_00004.1.el9eap (rpm) before *
0:1.9.6-1.Final_redhat_00001.1.el9eap (rpm) before *
0:2.3.14-9.SP10_redhat_00001.1.el9eap (rpm) before *
0:3.3.27-1.Final_redhat_00001.1.el9eap (rpm) before *
0:6.0.23-3.SP2_redhat_00001.1.el9eap (rpm) before *
0:1.5.21-1.Final_redhat_00001.1.el9eap (rpm) before *
0:1.10.0-42.Final_redhat_00042.1.el9eap (rpm) before *
0:5.4.15-1.Final_redhat_00001.1.el9eap (rpm) before *
0:7.4.23-3.GA_redhat_00002.1.el9eap (rpm) before *
0:1.15.26-1.Final_redhat_00001.1.el9eap (rpm) before *
0:2.16.0-21.redhat_00055.1.el7eap (rpm) before *
0:3.5.10-1.redhat_00001.1.el7eap (rpm) before *
1:1.0.2-5.redhat_00004.1.el7eap (rpm) before *
0:1.9.6-1.Final_redhat_00001.1.el7eap (rpm) before *
0:2.3.14-9.SP10_redhat_00001.1.el7eap (rpm) before *
0:3.3.27-1.Final_redhat_00001.1.el7eap (rpm) before *
0:6.0.23-3.SP2_redhat_00001.1.el7eap (rpm) before *
0:1.5.21-1.Final_redhat_00001.1.el7eap (rpm) before *
0:1.10.0-42.Final_redhat_00042.1.el7eap (rpm) before *
0:5.4.15-1.Final_redhat_00001.1.el7eap (rpm) before *
0:7.4.23-3.GA_redhat_00002.1.el7eap (rpm) before *
0:1.15.26-1.Final_redhat_00001.1.el7eap (rpm) before *
0:2.33.0-3.redhat_00017.1.el8eap (rpm) before *
0:1.11.0-1.redhat_00001.1.el8eap (rpm) before *
0:4.0.6-2.redhat_00001.1.el8eap (rpm) before *
0:0.8.12-1.redhat_00001.1.el8eap (rpm) before *
0:800.8.0-1.GA_redhat_00001.1.el8eap (rpm) before *
0:4.0.3-1.Final_redhat_00001.1.el8eap (rpm) before *
0:2.1.1-1.redhat_00001.1.el8eap (rpm) before *
0:3.6.24-1.Final_redhat_00001.1.el8eap (rpm) before *
0:6.2.36-1.Final_redhat_00001.1.el8eap (rpm) before *
0:4.1.5-4.redhat_00006.1.el8eap (rpm) before *
0:5.0.31-1.Final_redhat_00001.1.el8eap (rpm) before *
0:7.3.3-1.Final_redhat_00001.1.el8eap (rpm) before *
0:6.0.6-1.Final_redhat_00001.1.el8eap (rpm) before *
0:3.2.1-1.redhat_00002.1.el8eap (rpm) before *
0:2.2.21-3.redhat_00002.1.el8eap (rpm) before *
0:2.0.17-1.redhat_00001.1.el8eap (rpm) before *
0:2.3.0-4.redhat_00010.1.el8eap (rpm) before *
0:8.0.8-4.GA_redhat_00006.1.el8eap (rpm) before *
0:2.2.11-1.Final_redhat_00001.1.el8eap (rpm) before *
0:2.33.0-3.redhat_00017.1.el9eap (rpm) before *
0:1.11.0-1.redhat_00001.1.el9eap (rpm) before *
0:4.0.6-2.redhat_00001.1.el9eap (rpm) before *
0:0.8.12-1.redhat_00001.1.el9eap (rpm) before *
0:800.8.0-1.GA_redhat_00001.1.el9eap (rpm) before *
0:4.0.3-1.Final_redhat_00001.1.el9eap (rpm) before *
0:2.1.1-1.redhat_00001.1.el9eap (rpm) before *
0:3.6.24-1.Final_redhat_00001.1.el9eap (rpm) before *
0:6.2.36-1.Final_redhat_00001.1.el9eap (rpm) before *
0:4.1.5-4.redhat_00006.1.el9eap (rpm) before *
0:5.0.31-1.Final_redhat_00001.1.el9eap (rpm) before *
0:7.3.3-1.Final_redhat_00001.1.el9eap (rpm) before *
0:6.0.6-1.Final_redhat_00001.1.el9eap (rpm) before *
0:3.2.1-1.redhat_00002.1.el9eap (rpm) before *
0:2.2.21-3.redhat_00002.1.el9eap (rpm) before *
0:2.0.17-1.redhat_00001.1.el9eap (rpm) before *
0:2.3.0-4.redhat_00010.1.el9eap (rpm) before *
0:8.0.8-4.GA_redhat_00006.1.el9eap (rpm) before *
0:2.2.11-1.Final_redhat_00001.1.el9eap (rpm) before *
Timeline
| 2025-03-12: | Reported to Red Hat. |
| 2025-04-07: | Made public. |
Credits
Red Hat would like to thank Pupi1 for reporting this issue.
References
access.redhat.com/errata/RHSA-2025:10452 (RHSA-2025:10452)
access.redhat.com/errata/RHSA-2025:10453 (RHSA-2025:10453)
access.redhat.com/errata/RHSA-2025:10459 (RHSA-2025:10459)
access.redhat.com/errata/RHSA-2025:10924 (RHSA-2025:10924)
access.redhat.com/errata/RHSA-2025:10925 (RHSA-2025:10925)
access.redhat.com/errata/RHSA-2025:10926 (RHSA-2025:10926)
access.redhat.com/errata/RHSA-2025:10931 (RHSA-2025:10931)
access.redhat.com/security/cve/CVE-2025-2251
bugzilla.redhat.com/show_bug.cgi?id=2351678 (RHBZ#2351678)