This advisory covers security fixes in Red Hat JBoss Enterprise Application Platform 8.0.9 for three vulnerabilities: CVE-2025-55163 is a denial-of-service vulnerability in netty-codec-http2 (Netty MadeYouReset HTTP/2 DDoS); CVE-2025-58056 is a request smuggling vulnerability in netty-codec-http due to incorrect parsing of chunk extensions; CVE-2025-48913 is a code execution vulnerability in Apache CXF JMS. The update upgrades Netty to version 4.1.127.Final and Apache CXF to 4.0.9.redhat-00002, among other component updates. Red Hat rates the security impact as Important and provides an asynchronous patch update for JBoss EAP 8.0 on RHEL 8 and 9. The advisory includes instructions to apply the update after ensuring prior errata are applied and backing up existing installations.

The vulnerabilities fixed include a denial-of-service condition via HTTP/2 in Netty, a request smuggling vulnerability that could allow HTTP request manipulation, and a JMS code execution vulnerability in Apache CXF. These could potentially allow attackers to disrupt service or execute arbitrary code within the affected platform. The update mitigates these risks by upgrading the vulnerable components to fixed versions.

A security update for Red Hat JBoss Enterprise Application Platform 8.0.9 is available and should be applied to affected systems. Before applying the update, ensure all previously released errata are applied and back up all applications, configuration files, and databases. Follow Red Hat's official update instructions at https://access.redhat.com/articles/11258. This update includes official fixes for the listed vulnerabilities.