RHSA-2025:1746
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update
CVSS Metrics
- v3.1 • CRITICAL • Score: 9.8 • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- redhat•eap7-apache-cxf
< 0:3.1.16-4.redhat_00003.1.ep7.el7
- redhat•eap7-apache-cxf-rt
< 0:3.1.16-4.redhat_00003.1.ep7.el7
- redhat•eap7-apache-cxf-services
< 0:3.1.16-4.redhat_00003.1.ep7.el7
- redhat•eap7-apache-cxf-tools
< 0:3.1.16-4.redhat_00003.1.ep7.el7
- redhat•eap7-jackson-databind
< 0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7
- redhat•eap7-jettison
< 0:1.3.8-2.redhat_00002.1.ep7.el7
- redhat•eap7-netty
< 0:4.1.63-1.Final_redhat_00002.1.ep7.el7
- redhat•eap7-netty-all
< 0:4.1.63-1.Final_redhat_00002.1.ep7.el7
- redhat•eap7-resteasy
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-atom-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-cdi
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-client
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-crypto
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jackson-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jackson2-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jaxb-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jaxrs
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jettison-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jose-jwt
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-jsapi
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-json-p-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-multipart-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-spring
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-validator-provider-11
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-resteasy-yaml-provider
< 0:3.0.27-1.Final_redhat_00001.1.ep7.el7
- redhat•eap7-snakeyaml
< 0:1.33.0-1.SP1_redhat_00001.1.ep7.el7
- redhat•eap7-velocity
< 0:1.7.0-3.redhat_00006.1.ep7.el7
- redhat•eap7-wildfly
< 0:7.1.9-2.GA_redhat_00002.1.ep7.el7
- redhat•eap7-wildfly-modules
< 0:7.1.9-2.GA_redhat_00002.1.ep7.el7
References (90)
- https://access.redhat.com/errata/RHSA-2025:1746
- https://access.redhat.com/security/updates/classification/#critical
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index
- https://bugzilla.redhat.com/show_bug.cgi?id=1815470
- https://bugzilla.redhat.com/show_bug.cgi?id=1815495
- https://bugzilla.redhat.com/show_bug.cgi?id=1816330
- https://bugzilla.redhat.com/show_bug.cgi?id=1816332
- https://bugzilla.redhat.com/show_bug.cgi?id=1816337
- https://bugzilla.redhat.com/show_bug.cgi?id=1816340
- https://bugzilla.redhat.com/show_bug.cgi?id=1937440
- https://bugzilla.redhat.com/show_bug.cgi?id=1991305
- https://bugzilla.redhat.com/show_bug.cgi?id=2030932
- https://bugzilla.redhat.com/show_bug.cgi?id=2032580
- https://bugzilla.redhat.com/show_bug.cgi?id=2135244
- https://bugzilla.redhat.com/show_bug.cgi?id=2135247
- https://bugzilla.redhat.com/show_bug.cgi?id=2135435
- https://bugzilla.redhat.com/show_bug.cgi?id=2145194
- https://bugzilla.redhat.com/show_bug.cgi?id=2150009
- https://bugzilla.redhat.com/show_bug.cgi?id=2153379
- https://bugzilla.redhat.com/show_bug.cgi?id=2155681
- https://bugzilla.redhat.com/show_bug.cgi?id=2155970
- https://issues.redhat.com/browse/JBEAP-28583
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1746.json
- https://access.redhat.com/security/cve/CVE-2020-8840
- https://www.cve.org/CVERecord?id=CVE-2020-8840
- https://nvd.nist.gov/vuln/detail/CVE-2020-8840
- https://access.redhat.com/security/cve/CVE-2020-9546
- https://www.cve.org/CVERecord?id=CVE-2020-9546
- https://nvd.nist.gov/vuln/detail/CVE-2020-9546
- https://access.redhat.com/security/cve/CVE-2020-9547
- https://www.cve.org/CVERecord?id=CVE-2020-9547
- https://nvd.nist.gov/vuln/detail/CVE-2020-9547
- https://access.redhat.com/security/cve/CVE-2020-9548
- https://www.cve.org/CVERecord?id=CVE-2020-9548
- https://nvd.nist.gov/vuln/detail/CVE-2020-9548
- https://access.redhat.com/security/cve/CVE-2020-10672
- https://www.cve.org/CVERecord?id=CVE-2020-10672
- https://nvd.nist.gov/vuln/detail/CVE-2020-10672
- https://access.redhat.com/security/cve/CVE-2020-10673
- https://www.cve.org/CVERecord?id=CVE-2020-10673
- https://nvd.nist.gov/vuln/detail/CVE-2020-10673
- https://access.redhat.com/security/cve/CVE-2020-13936
- https://www.cve.org/CVERecord?id=CVE-2020-13936
- https://nvd.nist.gov/vuln/detail/CVE-2020-13936
- https://access.redhat.com/security/cve/CVE-2021-3717
- https://www.cve.org/CVERecord?id=CVE-2021-3717
- https://nvd.nist.gov/vuln/detail/CVE-2021-3717
- https://access.redhat.com/security/cve/CVE-2021-44228
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
- https://logging.apache.org/log4j/2.x/security.html
- https://www.lunasec.io/docs/blog/log4j-zero-day/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://access.redhat.com/security/cve/CVE-2021-45046
- https://www.cve.org/CVERecord?id=CVE-2021-45046
- https://nvd.nist.gov/vuln/detail/CVE-2021-45046
- https://www.openwall.com/lists/oss-security/2021/12/14/4
- https://access.redhat.com/security/cve/CVE-2022-1471
- https://www.cve.org/CVERecord?id=CVE-2022-1471
- https://nvd.nist.gov/vuln/detail/CVE-2022-1471
- https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
- https://access.redhat.com/security/cve/CVE-2022-41881
- https://www.cve.org/CVERecord?id=CVE-2022-41881
- https://nvd.nist.gov/vuln/detail/CVE-2022-41881
- https://access.redhat.com/security/cve/CVE-2022-42003
- https://www.cve.org/CVERecord?id=CVE-2022-42003
- https://nvd.nist.gov/vuln/detail/CVE-2022-42003
- https://access.redhat.com/security/cve/CVE-2022-42004
- https://www.cve.org/CVERecord?id=CVE-2022-42004
- https://nvd.nist.gov/vuln/detail/CVE-2022-42004
- https://access.redhat.com/security/cve/CVE-2022-42889
- https://www.cve.org/CVERecord?id=CVE-2022-42889
- https://nvd.nist.gov/vuln/detail/CVE-2022-42889
- https://blogs.apache.org/security/entry/cve-2022-42889
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
- https://seclists.org/oss-sec/2022/q4/22
- https://access.redhat.com/security/cve/CVE-2022-45047
- https://www.cve.org/CVERecord?id=CVE-2022-45047
- https://nvd.nist.gov/vuln/detail/CVE-2022-45047
- https://www.mail-archive.com/dev@mina.apache.org/msg39312.html
- https://access.redhat.com/security/cve/CVE-2022-45693
- https://www.cve.org/CVERecord?id=CVE-2022-45693
- https://nvd.nist.gov/vuln/detail/CVE-2022-45693
- https://access.redhat.com/security/cve/CVE-2022-46363
- https://www.cve.org/CVERecord?id=CVE-2022-46363
- https://nvd.nist.gov/vuln/detail/CVE-2022-46363
- https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c