← volver
CVE-2025-2251

Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution

CVSS 6.2 MEDIUMEPSS 0.9%CWE-502
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.2EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
07 abr 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Productos afectados
wildflyRed Hat · Red Hat JBoss Enterprise Application Platform 7.4.23Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform 8.0.8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform Expansion Pack

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2025:10452https://access.redhat.com/errata/RHSA-2025:10453https://access.redhat.com/errata/RHSA-2025:10459https://access.redhat.com/errata/RHSA-2025:10924https://access.redhat.com/errata/RHSA-2025:10925https://access.redhat.com/errata/RHSA-2025:10926https://access.redhat.com/errata/RHSA-2025:10931https://access.redhat.com/security/cve/CVE-2025-2251https://bugzilla.redhat.com/show_bug.cgi?id=2351678https://github.com/wildfly/wildfly/pull/18872https://github.com/wildfly/wildfly/releases/tag/36.0.0.Finalhttps://issues.redhat.com/browse/WFLY-20550