4 matches found
CVE-2025-2251
A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...
CVE-2025-2251 Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution
A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...
CVE-2025-2251 Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution
A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...
CVE-2025-2251
CVE-2025-2251 is an issue in Red Hat JBoss EAP 7.4.x/WildFly where the EJB remote invocation path deserializes untrusted data via JBoss Marshalling, allowing remote code execution without authentication. Red Hat advisories RHSA-2025:10925 and related notices enumerate this vulnerability among sev...