CVE-2025-2251

Medium CVSS: 6.2

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

Vendor

Product

CWE

CWE-502

Yayın Tarihi

2025-04-07 14:15:24

Güncelleme

2025-07-14 20:15:26

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-502 MEDIUM 2025

Referanslar

https://access.redhat.com/errata/RHSA-2025:10452 https://access.redhat.com/errata/RHSA-2025:10453 https://access.redhat.com/errata/RHSA-2025:10459 https://access.redhat.com/errata/RHSA-2025:10924 https://access.redhat.com/errata/RHSA-2025:10925 https://access.redhat.com/errata/RHSA-2025:10926 https://access.redhat.com/errata/RHSA-2025:10931 https://access.redhat.com/security/cve/CVE-2025-2251 https://bugzilla.redhat.com/show_bug.cgi?id=2351678