Medium severity 6.2 · NVD Advisory · Published Apr 7, 2025 · Updated Apr 15, 2026
CVE-2025-2251
Description
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2025:10452 (nvd)
- access.redhat.com/errata/RHSA-2025:10453 (nvd)
- access.redhat.com/errata/RHSA-2025:10459 (nvd)
- access.redhat.com/errata/RHSA-2025:10924 (nvd)
- access.redhat.com/errata/RHSA-2025:10925 (nvd)
- access.redhat.com/errata/RHSA-2025:10926 (nvd)
- access.redhat.com/errata/RHSA-2025:10931 (nvd)
- access.redhat.com/security/cve/CVE-2025-2251 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)