CVE-2025-2251
org.jboss.eap:wildfly-ejb3: Improper deserialization in JBoss Marshalling allows remote code execution
| CVSS Score | 6.2 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
| CWE | CWE-502 |
| Published | Apr 7, 2025 |
| Last Updated | Nov 11, 2025 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | High |
| Availability | High |
Affected Versions
| Red Hat / Red Hat JBoss Enterprise Application Platform 7.4.23 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 8.0.8 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | All versions affected |
| Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack | All versions affected |
References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10452
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10453
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10459
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10924
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10925
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10926
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10931
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-2251
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2351678
Credits
Red Hat would like to thank Pupi1 for reporting this issue.