RHSA-2025:10452
Vulnerability Summary
Timeline
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•eap8-activemq-artemis
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-cli
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-commons
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-core-client
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-dto
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-hornetq-protocol
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-hqclient-protocol
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-client
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-ra
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-server
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-jakarta-service-extensions
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-jdbc-store
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-journal
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-selector
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-activemq-artemis-server
< 0:2.33.0-3.redhat_00017.1.el8eap
- redhat•eap8-apache-commons-beanutils
< 0:1.11.0-1.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf
< 0:4.0.6-2.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-rt
< 0:4.0.6-2.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-services
< 0:4.0.6-2.redhat_00001.1.el8eap
- redhat•eap8-apache-cxf-tools
< 0:4.0.6-2.redhat_00001.1.el8eap
- redhat•eap8-apache-mime4j
< 0:0.8.12-1.redhat_00001.1.el8eap
- redhat•eap8-apache-mime4j-dom
< 0:0.8.12-1.redhat_00001.1.el8eap
- redhat•eap8-apache-mime4j-storage
< 0:0.8.12-1.redhat_00001.1.el8eap
- redhat•eap8-eap-product-conf-parent
< 0:800.8.0-1.GA_redhat_00001.1.el8eap
- redhat•eap8-eap-product-conf-wildfly-ee-feature-pack
< 0:800.8.0-1.GA_redhat_00001.1.el8eap
- redhat•eap8-elytron-web
< 0:4.0.3-1.Final_redhat_00001.1.el8eap
- redhat•eap8-fastinfoset
< 0:2.1.1-1.redhat_00001.1.el8eap
- redhat•eap8-hal-console
< 0:3.6.24-1.Final_redhat_00001.1.el8eap
- redhat•eap8-hibernate
< 0:6.2.36-1.Final_redhat_00001.1.el8eap
- redhat•eap8-hibernate-core
< 0:6.2.36-1.Final_redhat_00001.1.el8eap
- redhat•eap8-hibernate-envers
< 0:6.2.36-1.Final_redhat_00001.1.el8eap
- redhat•eap8-httpcomponents-asyncclient
< 0:4.1.5-4.redhat_00006.1.el8eap
- redhat•eap8-jboss-remoting
< 0:5.0.31-1.Final_redhat_00001.1.el8eap
- redhat•eap8-jbossws-cxf
< 0:7.3.3-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-jbosstxbridge
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-jbossxts
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-jts-idlj
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-jts-integration
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-restat-api
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-restat-bridge
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-restat-integration
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-narayana-restat-util
< 0:6.0.6-1.Final_redhat_00001.1.el8eap
- redhat•eap8-neethi
< 0:3.2.1-1.redhat_00002.1.el8eap
- redhat•eap8-reactivex-rxjava2
< 0:2.2.21-3.redhat_00002.1.el8eap
- redhat•eap8-slf4j
< 0:2.0.17-1.redhat_00001.1.el8eap
- redhat•eap8-slf4j-api
< 0:2.0.17-1.redhat_00001.1.el8eap
- redhat•eap8-velocity
< 0:2.3.0-4.redhat_00010.1.el8eap
- redhat•eap8-velocity-engine-core
< 0:2.3.0-4.redhat_00010.1.el8eap
- redhat•eap8-wildfly
< 0:8.0.8-4.GA_redhat_00006.1.el8eap
Showing first 50 affected entries in server-rendered view.
References (49)
- https://access.redhat.com/errata/RHSA-2025:10452
- https://access.redhat.com/security/updates/classification/#important
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0
- https://access.redhat.com/articles/7120566
- https://bugzilla.redhat.com/show_bug.cgi?id=2339095
- https://bugzilla.redhat.com/show_bug.cgi?id=2351678
- https://bugzilla.redhat.com/show_bug.cgi?id=2355685
- https://bugzilla.redhat.com/show_bug.cgi?id=2363176
- https://bugzilla.redhat.com/show_bug.cgi?id=2368956
- https://issues.redhat.com/browse/JBEAP-28866
- https://issues.redhat.com/browse/JBEAP-28992
- https://issues.redhat.com/browse/JBEAP-29252
- https://issues.redhat.com/browse/JBEAP-29257
- https://issues.redhat.com/browse/JBEAP-29530
- https://issues.redhat.com/browse/JBEAP-29679
- https://issues.redhat.com/browse/JBEAP-29691
- https://issues.redhat.com/browse/JBEAP-29692
- https://issues.redhat.com/browse/JBEAP-29806
- https://issues.redhat.com/browse/JBEAP-29863
- https://issues.redhat.com/browse/JBEAP-29867
- https://issues.redhat.com/browse/JBEAP-29984
- https://issues.redhat.com/browse/JBEAP-29999
- https://issues.redhat.com/browse/JBEAP-30087
- https://issues.redhat.com/browse/JBEAP-30151
- https://issues.redhat.com/browse/JBEAP-30157
- https://issues.redhat.com/browse/JBEAP-30263
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10452.json
- https://access.redhat.com/security/cve/CVE-2025-2251
- https://www.cve.org/CVERecord?id=CVE-2025-2251
- https://nvd.nist.gov/vuln/detail/CVE-2025-2251
- https://access.redhat.com/security/cve/CVE-2025-2901
- https://www.cve.org/CVERecord?id=CVE-2025-2901
- https://nvd.nist.gov/vuln/detail/CVE-2025-2901
- https://access.redhat.com/security/cve/CVE-2025-23184
- https://www.cve.org/CVERecord?id=CVE-2025-23184
- https://nvd.nist.gov/vuln/detail/CVE-2025-23184
- https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
- https://access.redhat.com/security/cve/CVE-2025-27611
- https://www.cve.org/CVERecord?id=CVE-2025-27611
- https://nvd.nist.gov/vuln/detail/CVE-2025-27611
- https://github.com/cryptocoinjs/base-x/pull/86
- https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p
- https://access.redhat.com/security/cve/CVE-2025-48734
- https://www.cve.org/CVERecord?id=CVE-2025-48734
- https://nvd.nist.gov/vuln/detail/CVE-2025-48734
- https://github.com/advisories/GHSA-wxr5-93ph-8wr9
- https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc
- https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
- https://www.openwall.com/lists/oss-security/2025/05/28/6