RHSA-2025:10924
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update
CVSS Metrics
- v3.1 • HIGH • Score: 8.8 • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•eap7-activemq-artemis
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-cli
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-commons
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-core-client
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-dto
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-hornetq-protocol
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-hqclient-protocol
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-jdbc-store
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-jms-client
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-jms-server
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-journal
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-ra
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-selector
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-server
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-service-extensions
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-activemq-artemis-tools
< 0:2.16.0-21.redhat_00055.1.el7eap
- redhat•eap7-apache-cxf
< 0:3.5.10-1.redhat_00001.1.el7eap
- redhat•eap7-apache-cxf-rt
< 0:3.5.10-1.redhat_00001.1.el7eap
- redhat•eap7-apache-cxf-services
< 0:3.5.10-1.redhat_00001.1.el7eap
- redhat•eap7-apache-cxf-tools
< 0:3.5.10-1.redhat_00001.1.el7eap
- redhat•eap7-artemis-native
< 1:1.0.2-5.redhat_00004.1.el7eap
- redhat•eap7-artemis-native-debuginfo
< 1:1.0.2-5.redhat_00004.1.el7eap
- redhat•eap7-artemis-native-wildfly
< 1:1.0.2-5.redhat_00004.1.el7eap
- redhat•eap7-elytron-web
< 0:1.9.6-1.Final_redhat_00001.1.el7eap
- redhat•eap7-glassfish-jsf
< 0:2.3.14-9.SP10_redhat_00001.1.el7eap
- redhat•eap7-hal-console
< 0:3.3.27-1.Final_redhat_00001.1.el7eap
- redhat•eap7-hibernate-validator
< 0:6.0.23-3.SP2_redhat_00001.1.el7eap
- redhat•eap7-hibernate-validator-cdi
< 0:6.0.23-3.SP2_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-common-api
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-common-impl
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-common-spi
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-core-api
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-core-impl
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-deployers-common
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-jdbc
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-ironjacamar-validator
< 0:1.5.21-1.Final_redhat_00001.1.el7eap
- redhat•eap7-jboss-server-migration
< 0:1.10.0-42.Final_redhat_00042.1.el7eap
- redhat•eap7-jboss-server-migration-cli
< 0:1.10.0-42.Final_redhat_00042.1.el7eap
- redhat•eap7-jboss-server-migration-core
< 0:1.10.0-42.Final_redhat_00042.1.el7eap
- redhat•eap7-jbossws-cxf
< 0:5.4.15-1.Final_redhat_00001.1.el7eap
- redhat•eap7-undertow-server
< 0:1.9.6-1.Final_redhat_00001.1.el7eap
- redhat•eap7-wildfly
< 0:7.4.23-3.GA_redhat_00002.1.el7eap
- redhat•eap7-wildfly-elytron
< 0:1.15.26-1.Final_redhat_00001.1.el7eap
- redhat•eap7-wildfly-elytron-tool
< 0:1.15.26-1.Final_redhat_00001.1.el7eap
- redhat•eap7-wildfly-java-jdk11
< 0:7.4.23-3.GA_redhat_00002.1.el7eap
- redhat•eap7-wildfly-java-jdk8
< 0:7.4.23-3.GA_redhat_00002.1.el7eap
- redhat•eap7-wildfly-javadocs
< 0:7.4.23-3.GA_redhat_00002.1.el7eap
- redhat•eap7-wildfly-modules
< 0:7.4.23-3.GA_redhat_00002.1.el7eap
References (64)
- https://access.redhat.com/errata/RHSA-2025:10924
- https://access.redhat.com/security/updates/classification/#important
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
- https://bugzilla.redhat.com/show_bug.cgi?id=2320848
- https://bugzilla.redhat.com/show_bug.cgi?id=2339095
- https://bugzilla.redhat.com/show_bug.cgi?id=2351678
- https://bugzilla.redhat.com/show_bug.cgi?id=2355685
- https://bugzilla.redhat.com/show_bug.cgi?id=2368956
- https://bugzilla.redhat.com/show_bug.cgi?id=2370118
- https://issues.redhat.com/browse/JBEAP-28676
- https://issues.redhat.com/browse/JBEAP-28905
- https://issues.redhat.com/browse/JBEAP-29217
- https://issues.redhat.com/browse/JBEAP-29440
- https://issues.redhat.com/browse/JBEAP-29815
- https://issues.redhat.com/browse/JBEAP-29862
- https://issues.redhat.com/browse/JBEAP-29866
- https://issues.redhat.com/browse/JBEAP-29914
- https://issues.redhat.com/browse/JBEAP-29969
- https://issues.redhat.com/browse/JBEAP-30031
- https://issues.redhat.com/browse/JBEAP-30059
- https://issues.redhat.com/browse/JBEAP-30264
- https://issues.redhat.com/browse/JBEAP-30359
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10924.json
- https://access.redhat.com/security/cve/CVE-2024-10234
- https://www.cve.org/CVERecord?id=CVE-2024-10234
- https://nvd.nist.gov/vuln/detail/CVE-2024-10234
- https://access.redhat.com/security/cve/CVE-2025-2251
- https://www.cve.org/CVERecord?id=CVE-2025-2251
- https://nvd.nist.gov/vuln/detail/CVE-2025-2251
- https://access.redhat.com/security/cve/CVE-2025-2901
- https://www.cve.org/CVERecord?id=CVE-2025-2901
- https://nvd.nist.gov/vuln/detail/CVE-2025-2901
- https://access.redhat.com/security/cve/CVE-2025-23184
- https://www.cve.org/CVERecord?id=CVE-2025-23184
- https://nvd.nist.gov/vuln/detail/CVE-2025-23184
- https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
- https://access.redhat.com/security/cve/CVE-2025-35036
- https://www.cve.org/CVERecord?id=CVE-2025-35036
- https://nvd.nist.gov/vuln/detail/CVE-2025-35036
- https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
- https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
- https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
- https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78
- https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
- https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
- https://github.com/hibernate/hibernate-validator/pull/1138
- https://hibernate.atlassian.net/browse/HV-1816
- https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1
- https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language
- https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
- https://www.cve.org/CVERecord?id=CVE-2020-5245
- https://www.cve.org/CVERecord?id=CVE-2025-4428
- https://access.redhat.com/security/cve/CVE-2025-48734
- https://www.cve.org/CVERecord?id=CVE-2025-48734
- https://nvd.nist.gov/vuln/detail/CVE-2025-48734
- https://github.com/advisories/GHSA-wxr5-93ph-8wr9
- https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc
- https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9
- https://www.openwall.com/lists/oss-security/2025/05/28/6
- https://access.redhat.com/security/cve/CVE-2025-23366
- https://bugzilla.redhat.com/show_bug.cgi?id=2337619
- https://www.cve.org/CVERecord?id=CVE-2025-23366
- https://nvd.nist.gov/vuln/detail/CVE-2025-23366