Vulnerabilities > CVE-2025-2251

CVSS 6.2 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

CWE-502

NVD

Published: 2025-04-07

Updated: 2025-04-07

Summary

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://access.redhat.com/security/cve/CVE-2025-2251
https://bugzilla.redhat.com/show_bug.cgi?id=2351678

Vulnerabilities > CVE-2025-2251 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-2251"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2025-2251