{"api_version":"1","generated_at":"2026-06-26T09:30:01+00:00","cve":"CVE-2025-2251","urls":{"html":"https://cve.report/CVE-2025-2251","api":"https://cve.report/api/cve/CVE-2025-2251.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-2251","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-2251"},"summary":{"title":"Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution","description":"A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.","state":"PUBLISHED","assigner":"redhat","published_at":"2025-04-07 14:15:24","updated_at":"2026-06-26 00:16:46"},"problem_types":["CWE-502","CWE-502 Deserialization of Untrusted Data"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"6.2","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.2","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://github.com/wildfly/wildfly/pull/18872","name":"https://github.com/wildfly/wildfly/pull/18872","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10453","name":"https://access.redhat.com/errata/RHSA-2025:10453","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/wildfly/wildfly/releases/tag/36.0.0.Final","name":"https://github.com/wildfly/wildfly/releases/tag/36.0.0.Final","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351678","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2351678","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10452","name":"https://access.redhat.com/errata/RHSA-2025:10452","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10925","name":"https://access.redhat.com/errata/RHSA-2025:10925","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10924","name":"https://access.redhat.com/errata/RHSA-2025:10924","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10459","name":"https://access.redhat.com/errata/RHSA-2025:10459","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2025-2251","name":"https://access.redhat.com/security/cve/CVE-2025-2251","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://issues.redhat.com/browse/WFLY-20550","name":"https://issues.redhat.com/browse/WFLY-20550","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10926","name":"https://access.redhat.com/errata/RHSA-2025:10926","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2025:10931","name":"https://access.redhat.com/errata/RHSA-2025:10931","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-2251","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2251","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4.23","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:2.16.0-21.redhat_00055.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:3.5.10-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 1:1.0.2-5.redhat_00004.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:1.9.6-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:2.3.14-9.SP10_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:3.3.27-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:6.0.23-3.SP2_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:1.5.21-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:1.10.0-42.Final_redhat_00042.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:5.4.15-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:7.4.23-3.GA_redhat_00002.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","version":"unaffected 0:1.15.26-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:2.16.0-21.redhat_00055.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:3.5.10-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 1:1.0.2-5.redhat_00004.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:1.9.6-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:2.3.14-9.SP10_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:3.3.27-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:6.0.23-3.SP2_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:1.5.21-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:1.10.0-42.Final_redhat_00042.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:5.4.15-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:7.4.23-3.GA_redhat_00002.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","version":"unaffected 0:1.15.26-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:2.16.0-21.redhat_00055.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:3.5.10-1.redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 1:1.0.2-5.redhat_00004.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:1.9.6-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:2.3.14-9.SP10_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:3.3.27-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:6.0.23-3.SP2_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:1.5.21-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:1.10.0-42.Final_redhat_00042.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:5.4.15-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:7.4.23-3.GA_redhat_00002.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","version":"unaffected 0:1.15.26-1.Final_redhat_00001.1.el7eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0.8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.33.0-3.redhat_00017.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:1.11.0-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:4.0.6-2.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:0.8.12-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:800.8.0-1.GA_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:4.0.3-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.1.1-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:3.6.24-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:6.2.36-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:4.1.5-4.redhat_00006.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:5.0.31-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:7.3.3-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:6.0.6-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:3.2.1-1.redhat_00002.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.2.21-3.redhat_00002.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.0.17-1.redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.3.0-4.redhat_00010.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:8.0.8-4.GA_redhat_00006.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","version":"unaffected 0:2.2.11-1.Final_redhat_00001.1.el8eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.33.0-3.redhat_00017.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:1.11.0-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:4.0.6-2.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:0.8.12-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:800.8.0-1.GA_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:4.0.3-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.1.1-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:3.6.24-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:6.2.36-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:4.1.5-4.redhat_00006.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:5.0.31-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:7.3.3-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:6.0.6-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:3.2.1-1.redhat_00002.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.2.21-3.redhat_00002.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.0.17-1.redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.3.0-4.redhat_00010.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:8.0.8-4.GA_redhat_00006.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","version":"unaffected 0:2.2.11-1.Final_redhat_00001.1.el9eap * rpm","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-03-12T13:33:14.782Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-04-07T00:00:00.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Pupi1 for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-2251","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-04-07T14:18:34.200921Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-04-07T15:23:08.507Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://www.wildfly.org/","defaultStatus":"unaffected","packageName":"wildfly","versions":[{"lessThan":"36.0.0","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4"],"defaultStatus":"unaffected","packageName":"wildfly-ejb3","product":"Red Hat JBoss Enterprise Application Platform 7.4.23","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-activemq-artemis","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.16.0-21.redhat_00055.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.10-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-artemis-native","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1:1.0.2-5.redhat_00004.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-elytron-web","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.9.6-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-glassfish-jsf","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.14-9.SP10_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-hal-console","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.27-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-hibernate-validator","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.0.23-3.SP2_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-ironjacamar","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.21-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-jboss-server-migration","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.10.0-42.Final_redhat_00042.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-jbossws-cxf","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.4.15-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.23-3.GA_redhat_00002.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"],"defaultStatus":"affected","packageName":"eap7-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.15.26-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-activemq-artemis","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.16.0-21.redhat_00055.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.10-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-artemis-native","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1:1.0.2-5.redhat_00004.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-elytron-web","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.9.6-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-glassfish-jsf","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.14-9.SP10_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-hal-console","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.27-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-hibernate-validator","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.0.23-3.SP2_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-ironjacamar","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.21-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-jboss-server-migration","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.10.0-42.Final_redhat_00042.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-jbossws-cxf","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.4.15-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.23-3.GA_redhat_00002.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"],"defaultStatus":"affected","packageName":"eap7-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.15.26-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-activemq-artemis","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.16.0-21.redhat_00055.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.5.10-1.redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-artemis-native","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"1:1.0.2-5.redhat_00004.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-elytron-web","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.9.6-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-glassfish-jsf","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.14-9.SP10_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-hal-console","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.3.27-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-hibernate-validator","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.0.23-3.SP2_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-ironjacamar","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.5.21-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-jboss-server-migration","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.10.0-42.Final_redhat_00042.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-jbossws-cxf","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.4.15-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-wildfly","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.4.23-3.GA_redhat_00002.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"],"defaultStatus":"affected","packageName":"eap7-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.15.26-1.Final_redhat_00001.1.el7eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"unaffected","packageName":"wildfly-ejb3","product":"Red Hat JBoss Enterprise Application Platform 8.0.8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-activemq-artemis","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.33.0-3.redhat_00017.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-apache-commons-beanutils","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.11.0-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.6-2.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-apache-mime4j","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.8.12-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-eap-product-conf-parent","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:800.8.0-1.GA_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-elytron-web","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.3-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-fastinfoset","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.1.1-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-hal-console","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.6.24-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-hibernate","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.2.36-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-httpcomponents-asyncclient","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.1.5-4.redhat_00006.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-jboss-remoting","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.0.31-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-jbossws-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.3.3-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-narayana","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.0.6-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-neethi","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.1-1.redhat_00002.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-reactivex-rxjava2","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.21-3.redhat_00002.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-slf4j","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.17-1.redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-velocity","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.0-4.redhat_00010.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.0.8-4.GA_redhat_00006.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"],"defaultStatus":"affected","packageName":"eap8-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.11-1.Final_redhat_00001.1.el8eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-activemq-artemis","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.33.0-3.redhat_00017.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-apache-commons-beanutils","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:1.11.0-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-apache-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.6-2.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-apache-mime4j","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:0.8.12-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-eap-product-conf-parent","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:800.8.0-1.GA_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-elytron-web","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.0.3-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-fastinfoset","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.1.1-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-hal-console","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.6.24-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-hibernate","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.2.36-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-httpcomponents-asyncclient","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:4.1.5-4.redhat_00006.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-jboss-remoting","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:5.0.31-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-jbossws-cxf","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:7.3.3-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-narayana","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:6.0.6-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-neethi","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:3.2.1-1.redhat_00002.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-reactivex-rxjava2","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.21-3.redhat_00002.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-slf4j","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.0.17-1.redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-velocity","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.3.0-4.redhat_00010.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:8.0.8-4.GA_redhat_00006.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"],"defaultStatus":"affected","packageName":"eap8-wildfly-elytron","product":"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9","vendor":"Red Hat","versions":[{"lessThan":"*","status":"unaffected","version":"0:2.2.11-1.Final_redhat_00001.1.el9eap","versionType":"rpm"}]},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","packageName":"wildfly-ejb3","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Pupi1 for reporting this issue."}],"datePublic":"2025-04-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-25T23:43:02.049Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2025:10452","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10452"},{"name":"RHSA-2025:10453","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10453"},{"name":"RHSA-2025:10459","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10459"},{"name":"RHSA-2025:10924","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10924"},{"name":"RHSA-2025:10925","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10925"},{"name":"RHSA-2025:10926","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10926"},{"name":"RHSA-2025:10931","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2025:10931"},{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-2251"},{"name":"RHBZ#2351678","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351678"},{"url":"https://github.com/wildfly/wildfly/pull/18872"},{"url":"https://github.com/wildfly/wildfly/releases/tag/36.0.0.Final"},{"url":"https://issues.redhat.com/browse/WFLY-20550"}],"timeline":[{"lang":"en","time":"2025-03-12T13:33:14.782Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-04-07T00:00:00.000Z","value":"Made public."}],"title":"Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution","x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-502: Deserialization of Untrusted Data"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-2251","datePublished":"2025-04-07T14:06:46.985Z","dateReserved":"2025-03-12T13:53:37.117Z","dateUpdated":"2026-06-25T23:43:02.049Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-04-07 14:15:24","lastModifiedDate":"2026-06-26 00:16:46","problem_types":["CWE-502","CWE-502 Deserialization of Untrusted Data"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-07T14:18:34.200921Z","id":"CVE-2025-2251","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"2251","Ordinal":"1","Title":"Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss ma","CVE":"CVE-2025-2251","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"2251","Ordinal":"1","NoteData":"A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.","Type":"Description","Title":"Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss ma"}]}}}