RHSA-2025:22775

Description

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update

CVSS Metrics

• v3.1•MEDIUM•Score: 4.8CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected Systems

• redhat•eap8-angus-activation

  < 0:2.0.2-2.redhat_00002.1.el9eap

• redhat•eap8-apache-commons-io

  < 0:2.16.1-2.redhat_00002.1.el9eap

• redhat•eap8-atinject

  < 0:2.0.1-5.redhat_00007.1.el9eap

• redhat•eap8-bouncycastle

  < 0:1.82.0-1.redhat_00001.1.el9eap

• redhat•eap8-bouncycastle-jmail

  < 0:1.82.0-1.redhat_00001.1.el9eap

• redhat•eap8-bouncycastle-pg

  < 0:1.82.0-1.redhat_00001.1.el9eap

• redhat•eap8-bouncycastle-pkix

  < 0:1.82.0-1.redhat_00001.1.el9eap

• redhat•eap8-bouncycastle-prov

  < 0:1.82.0-1.redhat_00001.1.el9eap

• redhat•eap8-bouncycastle-util

  < 0:1.82.0-1.redhat_00001.1.el9eap

• redhat•eap8-eap-product-conf-parent

  < 0:800.11.0-1.GA_redhat_00001.1.el9eap

• redhat•eap8-eap-product-conf-wildfly-ee-feature-pack

  < 0:800.11.0-1.GA_redhat_00001.1.el9eap

• redhat•eap8-eclipse-jgit

  < 0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap

• redhat•eap8-hal-console

  < 0:3.6.27-1.Final_redhat_00001.1.el9eap

• redhat•eap8-hibernate

  < 0:6.2.46-1.Final_redhat_00001.1.el9eap

• redhat•eap8-hibernate-core

  < 0:6.2.46-1.Final_redhat_00001.1.el9eap

• redhat•eap8-hibernate-envers

  < 0:6.2.46-1.Final_redhat_00001.1.el9eap

• redhat•eap8-hibernate-validator

  < 0:8.0.2-1.Final_redhat_00001.1.el9eap

• redhat•eap8-hibernate-validator-cdi

  < 0:8.0.2-1.Final_redhat_00001.1.el9eap

• redhat•eap8-httpcomponents-client

  < 0:4.5.14-5.redhat_00016.1.el9eap

• redhat•eap8-httpcomponents-core

  < 0:4.4.16-6.redhat_00011.1.el9eap

• redhat•eap8-installation-manager-api

  < 0:1.0.3-1.Final_redhat_00001.1.el9eap

• redhat•eap8-istack-commons-runtime

  < 0:4.1.2-2.redhat_00003.1.el9eap

• redhat•eap8-istack-commons-tools

  < 0:4.1.2-2.redhat_00003.1.el9eap

• redhat•eap8-jakarta-activation

  < 0:2.1.3-2.redhat_00002.1.el9eap

• redhat•eap8-jakarta-annotation-api

  < 0:2.1.1-5.redhat_00005.1.el9eap

• redhat•eap8-jakarta-enterprise-concurrent

  < 0:3.0.2-1.redhat_00001.1.el9eap

• redhat•eap8-jakarta-interceptor-api

  < 0:2.1.0-5.redhat_00003.1.el9eap

• redhat•eap8-jakarta-mail

  < 0:2.1.3-3.redhat_00003.1.el9eap

• redhat•eap8-jakarta-servlet-api

  < 0:6.0.0-6.redhat_00007.1.el9eap

• redhat•eap8-jakarta-validation-api

  < 0:3.0.2-3.redhat_00006.1.el9eap

• redhat•eap8-jakarta-ws-rs-api

  < 0:3.1.0-5.redhat_00003.1.el9eap

• redhat•eap8-jakarta-xml-bind-api

  < 0:4.0.2-2.redhat_00003.1.el9eap

• redhat•eap8-jboss-el-api_5.0_spec

  < 0:4.0.2-1.Final_redhat_00001.1.el9eap

• redhat•eap8-jbossws-cxf

  < 0:7.3.6-1.Final_redhat_00001.1.el9eap

• redhat•eap8-jctools

  < 0:4.0.5-3.redhat_00002.1.el9eap

• redhat•eap8-jctools-core

  < 0:4.0.5-3.redhat_00002.1.el9eap

• redhat•eap8-parsson

  < 0:1.1.7-3.redhat_00003.1.el9eap

• redhat•eap8-reactive-streams

  < 0:1.0.4-4.redhat_00005.1.el9eap

• redhat•eap8-reactivex-rxjava2

  < 0:2.2.21-4.redhat_00003.1.el9eap

• redhat•eap8-saaj-impl

  < 0:3.0.4-2.redhat_00002.1.el9eap

• redhat•eap8-stax-ex

  < 0:2.1.0-3.redhat_00003.1.el9eap

• redhat•eap8-stax2-api

  < 0:4.2.2-2.redhat_00003.1.el9eap

• redhat•eap8-sun-istack-commons

  < 0:4.1.2-2.redhat_00003.1.el9eap

• redhat•eap8-wildfly

  < 0:8.0.11-1.GA_redhat_00002.1.el9eap

• redhat•eap8-wildfly-elytron

  < 0:2.2.12-1.Final_redhat_00002.1.el9eap

• redhat•eap8-wildfly-elytron-tool

  < 0:2.2.12-1.Final_redhat_00002.1.el9eap

• redhat•eap8-wildfly-java-jdk11

  < 0:8.0.11-1.GA_redhat_00002.1.el9eap

• redhat•eap8-wildfly-java-jdk17

  < 0:8.0.11-1.GA_redhat_00002.1.el9eap

• redhat•eap8-wildfly-java-jdk21

  < 0:8.0.11-1.GA_redhat_00002.1.el9eap

• redhat•eap8-wildfly-modules

  < 0:8.0.11-1.GA_redhat_00002.1.el9eap

Showing first 50 affected entries in server-rendered view.

References (23)

• https://access.redhat.com/errata/RHSA-2025:22775
• https://access.redhat.com/security/updates/classification/#moderate
• https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0
• https://access.redhat.com/articles/7120566
• https://bugzilla.redhat.com/show_bug.cgi?id=2367730
• https://issues.redhat.com/browse/JBEAP-28993
• https://issues.redhat.com/browse/JBEAP-30584
• https://issues.redhat.com/browse/JBEAP-30977
• https://issues.redhat.com/browse/JBEAP-31001
• https://issues.redhat.com/browse/JBEAP-31031
• https://issues.redhat.com/browse/JBEAP-31074
• https://issues.redhat.com/browse/JBEAP-31253
• https://issues.redhat.com/browse/JBEAP-31260
• https://issues.redhat.com/browse/JBEAP-31290
• https://issues.redhat.com/browse/JBEAP-31339
• https://issues.redhat.com/browse/JBEAP-31377
• https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22775.json
• https://access.redhat.com/security/cve/CVE-2025-4949
• https://www.cve.org/CVERecord?id=CVE-2025-4949
• https://nvd.nist.gov/vuln/detail/CVE-2025-4949
• https://gitlab.eclipse.org/security/cve-assignement/-/issues/64
• https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
• https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1