CVE-2025-2251

medium

Description

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2351678

https://access.redhat.com/security/cve/CVE-2025-2251

Details

Source: Mitre, NVD

Published: 2025-04-07

Updated: 2025-04-07

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:H/Au:M/C:P/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.2

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00415