CVE-2025-2251
Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.2EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
07 abr 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Produtos afetados
wildflyRed Hat · Red Hat JBoss Enterprise Application Platform 7.4.23Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform 8.0.8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform Expansion PackQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2025:10452https://access.redhat.com/errata/RHSA-2025:10453https://access.redhat.com/errata/RHSA-2025:10459https://access.redhat.com/errata/RHSA-2025:10924https://access.redhat.com/errata/RHSA-2025:10925https://access.redhat.com/errata/RHSA-2025:10926https://access.redhat.com/errata/RHSA-2025:10931https://access.redhat.com/security/cve/CVE-2025-2251https://bugzilla.redhat.com/show_bug.cgi?id=2351678https://github.com/wildfly/wildfly/pull/18872https://github.com/wildfly/wildfly/releases/tag/36.0.0.Finalhttps://issues.redhat.com/browse/WFLY-20550