Red Hat JBoss Enterprise Application Platform 7.4.22 addresses several security vulnerabilities affecting components such as Netty and Wildfly. The vulnerabilities include denial of service attacks on Windows applications using Netty (CVE-2024-47535 and CVE-2025-25193), a native crash caused by improper packet validation in SslHandler with native SSLEngine (CVE-2025-24970), and improper role-based access control permissions in Wildfly server (CVE-2025-23367). These issues could impact the stability and security of Java applications running on this platform. The update is provided as a replacement for version 7.4.21 and includes bug fixes and enhancements alongside the security patches. Red Hat has rated the update as important and advises users to apply it following standard update procedures.

The vulnerabilities fixed in this update could allow denial of service conditions on affected systems, potentially causing application crashes or service interruptions. The improper RBAC permission vulnerability could lead to unauthorized access or privilege escalation within the Wildfly server environment. The native crash vulnerability in the SslHandler could destabilize applications using native SSLEngine, impacting availability. No known exploits in the wild have been reported at the time of this advisory.

Red Hat has released an official security update in JBoss Enterprise Application Platform 7.4.22 that addresses these vulnerabilities. Users should apply this update after ensuring all previously released errata are installed and backing up their systems, including applications and configurations. Detailed update instructions are available from Red Hat's official documentation. No additional mitigations are indicated beyond applying this update.