Vulnerability Description
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:10452
- https://access.redhat.com/errata/RHSA-2025:10453
- https://access.redhat.com/errata/RHSA-2025:10459
- https://access.redhat.com/errata/RHSA-2025:10924
- https://access.redhat.com/errata/RHSA-2025:10925
- https://access.redhat.com/errata/RHSA-2025:10926
- https://access.redhat.com/errata/RHSA-2025:10931
- https://access.redhat.com/security/cve/CVE-2025-2251
- https://bugzilla.redhat.com/show_bug.cgi?id=2351678
FAQ
What is CVE-2025-2251?
CVE-2025-2251 is a vulnerability with a CVSS score of 6.2 (MEDIUM). A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deseri...
How severe is CVE-2025-2251?
CVE-2025-2251 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-2251?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.