Medium severity 6.2 · NVD Advisory · Published Apr 7, 2025 · Updated Apr 15, 2026
CVE-2025-2251
Description
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
References (9)
- access.redhat.com/errata/RHSA-2025:10452 (nvd)
- access.redhat.com/errata/RHSA-2025:10453 (nvd)
- access.redhat.com/errata/RHSA-2025:10459 (nvd)
- access.redhat.com/errata/RHSA-2025:10924 (nvd)
- access.redhat.com/errata/RHSA-2025:10925 (nvd)
- access.redhat.com/errata/RHSA-2025:10926 (nvd)
- access.redhat.com/errata/RHSA-2025:10931 (nvd)
- access.redhat.com/security/cve/CVE-2025-2251 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)