Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.22 security update
Red Hat JBoss Enterprise Application Platform 7. 4. 22 includes important security fixes addressing multiple vulnerabilities. These include denial of service issues in Netty components affecting Windows applications, improper role-based access control (RBAC) permissions in Wildfly, and a native crash vulnerability related to SSL packet validation. The update replaces version 7. 4. 21 and is rated with an important security impact by Red Hat. Users are advised to apply the update after backing up their systems and ensuring prior errata are applied.
AI Analysis
Technical Summary
This advisory covers security fixes in Red Hat JBoss Enterprise Application Platform 7.4.22, which addresses three main vulnerabilities: CVE-2024-47535 and CVE-2025-25193, both denial of service vulnerabilities in Netty components affecting Windows applications; CVE-2025-24970, a native crash vulnerability caused by improper SSL packet validation in Netty's SslHandler when using native SSLEngine; and CVE-2025-23367, an improper RBAC permission issue in Wildfly core server. The update upgrades multiple components including Netty, Wildfly Core, Elytron, and others to remediate these issues. The vendor rates the update as important and provides detailed instructions for applying the patch.
Potential Impact
The vulnerabilities fixed in this update can lead to denial of service conditions on Windows applications using Netty, a native crash due to SSL packet validation errors, and improper access control permissions in Wildfly. These issues could disrupt application availability or lead to unauthorized access if exploited. No known exploits in the wild have been reported at this time. The overall security impact is rated as important by Red Hat.
Mitigation Recommendations
A security update to Red Hat JBoss Enterprise Application Platform 7.4.22 is available and should be applied to remediate these vulnerabilities. Before applying the update, ensure all previously released errata are installed and back up all relevant data and configurations. Follow Red Hat's official guidance for applying the update: https://access.redhat.com/articles/11258. No additional mitigation steps are specified by the vendor beyond applying this update.
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.22 security update
Description
Red Hat JBoss Enterprise Application Platform 7. 4. 22 includes important security fixes addressing multiple vulnerabilities. These include denial of service issues in Netty components affecting Windows applications, improper role-based access control (RBAC) permissions in Wildfly, and a native crash vulnerability related to SSL packet validation. The update replaces version 7. 4. 21 and is rated with an important security impact by Red Hat. Users are advised to apply the update after backing up their systems and ensuring prior errata are applied.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers security fixes in Red Hat JBoss Enterprise Application Platform 7.4.22, which addresses three main vulnerabilities: CVE-2024-47535 and CVE-2025-25193, both denial of service vulnerabilities in Netty components affecting Windows applications; CVE-2025-24970, a native crash vulnerability caused by improper SSL packet validation in Netty's SslHandler when using native SSLEngine; and CVE-2025-23367, an improper RBAC permission issue in Wildfly core server. The update upgrades multiple components including Netty, Wildfly Core, Elytron, and others to remediate these issues. The vendor rates the update as important and provides detailed instructions for applying the patch.
Potential Impact
The vulnerabilities fixed in this update can lead to denial of service conditions on Windows applications using Netty, a native crash due to SSL packet validation errors, and improper access control permissions in Wildfly. These issues could disrupt application availability or lead to unauthorized access if exploited. No known exploits in the wild have been reported at this time. The overall security impact is rated as important by Red Hat.
Mitigation Recommendations
A security update to Red Hat JBoss Enterprise Application Platform 7.4.22 is available and should be applied to remediate these vulnerabilities. Before applying the update, ensure all previously released errata are installed and back up all relevant data and configurations. Follow Red Hat's official guidance for applying the update: https://access.redhat.com/articles/11258. No additional mitigation steps are specified by the vendor beyond applying this update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:4548
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-24970","CVE-2025-25193"]
- Cvss Version
- null
Threat ID: 6a1df669e29bf47b50461694
Added to database: 6/1/2026, 9:15:21 PM
Last enriched: 6/1/2026, 9:19:25 PM
Last updated: 6/2/2026, 6:09:41 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.