The security advisory for Red Hat JBoss Enterprise Application Platform 8.0.11 addresses an XXE vulnerability (CVE-2025-4949) in the Eclipse JGit library used within the platform. This vulnerability is categorized under CWE-611, which involves improper handling of XML external entities leading to potential security risks. The advisory indicates that the vulnerability is fixed by upgrading JGit to version 6.10.1.202505221210-r and includes other component upgrades and bug fixes. The update supersedes version 8.0.10 and is rated as having a moderate security impact by Red Hat. No CVSS base score is provided in the advisory or CVE details. The vendor recommends applying this update after ensuring all previous errata are applied and backing up existing installations.

The vulnerability (CVE-2025-4949) is an XML External Entity (XXE) issue in Eclipse JGit, which could allow an attacker to exploit XML parsing to access unauthorized data or cause denial of service. Red Hat rates the security impact as moderate. There are no known exploits in the wild reported at this time. The update mitigates the vulnerability by upgrading the affected JGit component. No further impact details or CVSS score are provided in the advisory.

A security update is available in Red Hat JBoss Enterprise Application Platform 8.0.11 that addresses CVE-2025-4949 by upgrading the Eclipse JGit component. Users should apply this update after ensuring all previously released errata relevant to their system have been applied. It is recommended to back up all applications, configuration files, and databases before applying the update. Follow the official Red Hat guidance for applying the update as detailed in their documentation. No additional mitigation steps are indicated by the vendor.