Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update
Red Hat JBoss Enterprise Application Platform 8. 1. 0 has multiple security vulnerabilities including request smuggling in Netty HTTP and HTTP/2 codecs and a code execution vulnerability in Apache CXF JMS. These issues are addressed in an important security update released by Red Hat. The update includes upgrades to Netty, Apache CXF, and related components to remediate these vulnerabilities.
AI Analysis
Technical Summary
This advisory covers security vulnerabilities in Red Hat JBoss Enterprise Application Platform (EAP) 8.1.0, specifically: CVE-2025-58056, a request smuggling vulnerability in Netty's HTTP and HTTP/2 codecs due to incorrect parsing of chunk extensions; CVE-2025-48913, a JMS code execution vulnerability in Apache CXF; and CVE-2025-55163, a HTTP/2 DDoS vulnerability in Netty. Red Hat has released an asynchronous patch updating Netty to version 4.1.127.Final and Apache CXF to 4.0.9.redhat-00002 to address these issues. The advisory rates the security impact as Important (high severity).
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to perform HTTP request smuggling attacks, potentially bypassing security controls or causing denial of service, and execute arbitrary code via the JMS component in Apache CXF. These vulnerabilities affect the integrity and availability of applications running on Red Hat JBoss EAP 8.1.0.
Mitigation Recommendations
A security update is available for Red Hat JBoss Enterprise Application Platform 8.1.0 that addresses these vulnerabilities. Users should apply this update after ensuring all previous errata are applied and backing up their systems. The update includes upgraded versions of Netty and Apache CXF that fix the reported issues. Refer to the official Red Hat advisory RHSA-2025:17298 for detailed update instructions. Patch status is confirmed as available.
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update
Description
Red Hat JBoss Enterprise Application Platform 8. 1. 0 has multiple security vulnerabilities including request smuggling in Netty HTTP and HTTP/2 codecs and a code execution vulnerability in Apache CXF JMS. These issues are addressed in an important security update released by Red Hat. The update includes upgrades to Netty, Apache CXF, and related components to remediate these vulnerabilities.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers security vulnerabilities in Red Hat JBoss Enterprise Application Platform (EAP) 8.1.0, specifically: CVE-2025-58056, a request smuggling vulnerability in Netty's HTTP and HTTP/2 codecs due to incorrect parsing of chunk extensions; CVE-2025-48913, a JMS code execution vulnerability in Apache CXF; and CVE-2025-55163, a HTTP/2 DDoS vulnerability in Netty. Red Hat has released an asynchronous patch updating Netty to version 4.1.127.Final and Apache CXF to 4.0.9.redhat-00002 to address these issues. The advisory rates the security impact as Important (high severity).
Potential Impact
Successful exploitation of these vulnerabilities could allow an attacker to perform HTTP request smuggling attacks, potentially bypassing security controls or causing denial of service, and execute arbitrary code via the JMS component in Apache CXF. These vulnerabilities affect the integrity and availability of applications running on Red Hat JBoss EAP 8.1.0.
Mitigation Recommendations
A security update is available for Red Hat JBoss Enterprise Application Platform 8.1.0 that addresses these vulnerabilities. Users should apply this update after ensuring all previous errata are applied and backing up their systems. The update includes upgraded versions of Netty and Apache CXF that fix the reported issues. Refer to the official Red Hat advisory RHSA-2025:17298 for detailed update instructions. Patch status is confirmed as available.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:17298
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-55163","CVE-2025-58056"]
- Cvss Version
- null
Threat ID: 6a294d7d8dd33fbd853ac39d
Added to database: 6/10/2026, 11:41:49 AM
Last enriched: 6/10/2026, 12:00:31 PM
Last updated: 6/10/2026, 2:17:49 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.