CVE-2025-2251 Information
Apr 08, 2025
cve
Description
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. The vulnerability stems from the deserialization of untrusted data handled by JBoss Marshalling. It allows an attacker to send a specially crafted serialized object that leads to remote code execution without requiring authentication.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Reference
https://access.redhat.com/security/cve/CVE-2025-2251
https://bugzilla.redhat.com/show_bug.cgi?id=2351678
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.2
Base Severity
MEDIUM