RHSA-2025:3990
Vulnerability Summary
Description
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.7 security update
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.5 • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- redhat•eap8-apache-commons-io < 0:2.16.1-1.redhat_00001.1.el9eap
- redhat•eap8-bouncycastle < 0:1.80.0-1.redhat_00001.1.el9eap
- redhat•eap8-bouncycastle-jmail < 0:1.80.0-1.redhat_00001.1.el9eap
- redhat•eap8-bouncycastle-pg < 0:1.80.0-1.redhat_00001.1.el9eap
- redhat•eap8-bouncycastle-pkix < 0:1.80.0-1.redhat_00001.1.el9eap
- redhat•eap8-bouncycastle-prov < 0:1.80.0-1.redhat_00001.1.el9eap
- redhat•eap8-bouncycastle-util < 0:1.80.0-1.redhat_00001.1.el9eap
- redhat•eap8-eap-product-conf-parent < 0:800.7.0-2.GA_redhat_00002.1.el9eap
- redhat•eap8-eap-product-conf-wildfly-ee-feature-pack < 0:800.7.0-2.GA_redhat_00002.1.el9eap
- redhat•eap8-hibernate < 0:6.2.35-1.Final_redhat_00001.1.el9eap
- redhat•eap8-hibernate-core < 0:6.2.35-1.Final_redhat_00001.1.el9eap
- redhat•eap8-hibernate-envers < 0:6.2.35-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-common-api < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-common-impl < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-common-spi < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-core-api < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-core-impl < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-deployers-common < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-jdbc < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-ironjacamar-validator < 0:3.0.13-1.Final_redhat_00001.1.el9eap
- redhat•eap8-jakarta-enterprise-concurrent < 0:3.0.1-1.redhat_00001.1.el9eap
- redhat•eap8-jsf-impl < 0:4.0.11-1.redhat_00001.1.el9eap
- redhat•eap8-reactive-streams < 0:1.0.4-3.redhat_00004.1.el9eap
- redhat•eap8-reactivex-rxjava < 0:3.1.10-1.redhat_00001.1.el9eap
- redhat•eap8-weld-core < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-weld-core-impl < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-weld-core-jsf < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-weld-ejb < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-weld-jta < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-weld-lite-extension-translator < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-weld-web < 0:5.1.5-1.Final_redhat_00001.1.el9eap
- redhat•eap8-wildfly < 0:8.0.7-3.GA_redhat_00004.1.el9eap
- redhat•eap8-wildfly-elytron < 0:2.2.9-1.Final_redhat_00001.1.el9eap
- redhat•eap8-wildfly-elytron-tool < 0:2.2.9-1.Final_redhat_00001.1.el9eap
- redhat•eap8-wildfly-java-jdk11 < 0:8.0.7-3.GA_redhat_00004.1.el9eap
- redhat•eap8-wildfly-java-jdk17 < 0:8.0.7-3.GA_redhat_00004.1.el9eap
- redhat•eap8-wildfly-java-jdk21 < 0:8.0.7-3.GA_redhat_00004.1.el9eap
- redhat•eap8-wildfly-modules < 0:8.0.7-3.GA_redhat_00004.1.el9eap
References (32)
- https://access.redhat.com/errata/RHSA-2025:3990
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0
- https://access.redhat.com/articles/7114917
- https://bugzilla.redhat.com/show_bug.cgi?id=2331178
- https://bugzilla.redhat.com/show_bug.cgi?id=2337620
- https://issues.redhat.com/browse/JBEAP-28383
- https://issues.redhat.com/browse/JBEAP-28663
- https://issues.redhat.com/browse/JBEAP-28842
- https://issues.redhat.com/browse/JBEAP-28846
- https://issues.redhat.com/browse/JBEAP-28847
- https://issues.redhat.com/browse/JBEAP-28900
- https://issues.redhat.com/browse/JBEAP-28902
- https://issues.redhat.com/browse/JBEAP-28961
- https://issues.redhat.com/browse/JBEAP-28990
- https://issues.redhat.com/browse/JBEAP-29232
- https://issues.redhat.com/browse/JBEAP-29439
- https://issues.redhat.com/browse/JBEAP-29445
- https://issues.redhat.com/browse/JBEAP-29483
- https://issues.redhat.com/browse/JBEAP-29555
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3990.json
- https://access.redhat.com/security/cve/CVE-2024-12369
- https://www.cve.org/CVERecord?id=CVE-2024-12369
- https://nvd.nist.gov/vuln/detail/CVE-2024-12369
- https://github.com/wildfly-security/wildfly-elytron/commit/5ac5e6bbcba58883b3cebb2ddbcec4de140c5ceb
- https://github.com/wildfly-security/wildfly-elytron/commit/d7754f5a6a91ceb0f4dbbbfe301991f6a55404cb
- https://github.com/wildfly-security/wildfly-elytron/pull/2253
- https://github.com/wildfly-security/wildfly-elytron/pull/2261
- https://access.redhat.com/security/cve/CVE-2025-23367
- https://www.cve.org/CVERecord?id=CVE-2025-23367
- https://nvd.nist.gov/vuln/detail/CVE-2025-23367
- https://github.com/advisories/GHSA-qr6x-62gq-4ccp