Security Advisory

CVE-2025-2251

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-07 14:06:46

Last updated 2026-06-25 23:43:02

Assigner redhat

State PUBLISHED

Description

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

← Browse all CVEs View on cve.org ↗