Zurück zur CVE-Übersicht
CVE-2025-2251
MEDIUM(6.2)CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Risk Signal Score16/100 — NIEDRIG
- CVSS 6.2 — Mittel
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.2
Technische Schwere
Beschreibung
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
Referenzen
- https://access.redhat.com/errata/RHSA-2025:10452
- https://access.redhat.com/errata/RHSA-2025:10453
- https://access.redhat.com/errata/RHSA-2025:10459
- https://access.redhat.com/errata/RHSA-2025:10924
- https://access.redhat.com/errata/RHSA-2025:10925
- https://access.redhat.com/errata/RHSA-2025:10926
- https://access.redhat.com/errata/RHSA-2025:10931
- https://access.redhat.com/security/cve/CVE-2025-2251
- https://bugzilla.redhat.com/show_bug.cgi?id=2351678
- https://github.com/wildfly/wildfly/pull/18872