This security advisory for Red Hat JBoss Enterprise Application Platform 7.4.23 fixes several vulnerabilities: CVE-2024-10234 (XSS in WildFly core management subsystem), CVE-2025-2251 (Improper deserialization in JBoss Marshalling allowing remote code execution), CVE-2025-2901 (Stored XSS in JBoss EAP Management Console), CVE-2025-23184 (Denial of Service in Apache CXF via temporary files), CVE-2025-35036 (Hibernate Validator Expression Language Injection), and CVE-2025-48734 (Apache Commons BeanUtils PropertyUtilsBean issue with enum's declaredClass property). These vulnerabilities impact the security of Java applications running on the platform and could allow attackers to execute code remotely, perform XSS attacks, or cause denial of service. The advisory replaces the previous 7.4.22 release and includes bug fixes and enhancements alongside security patches.

The vulnerabilities fixed in this update include critical issues such as remote code execution via improper deserialization (CVE-2025-2251), multiple Cross-Site Scripting (XSS) vulnerabilities (CVE-2024-10234, CVE-2025-2901), denial of service (CVE-2025-23184), and expression language injection (CVE-2025-35036). These could allow attackers to execute arbitrary code, steal sensitive information via XSS, or disrupt service availability. The Apache Commons BeanUtils issue (CVE-2025-48734) may lead to unexpected behavior due to improper suppression of enum properties. Overall, these vulnerabilities pose a high security risk to affected systems.

An official security update is available in Red Hat JBoss Enterprise Application Platform 7.4.23, which replaces version 7.4.22. Users should apply this update after ensuring all previous relevant errata are applied and backing up their systems, including applications and configurations. The vendor advisory provides detailed instructions for applying the update. No indication of 'no action required' or 'already mitigated' is present; therefore, applying the update is the recommended mitigation.