CVE-2025-2251

Medium CVSS 6.2

Overview

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

CWE: CWE-502 Published: 2025-04-07T14:15:24.400

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.2 (MEDIUM)
Detected tags: deserialization, rce (tag impact: VERY HIGH)

Recommended actions:

Avoid untrusted deserialization; prefer safe formats (JSON) and signatures.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags