Threats Tagged 'cve-2025-25193'

Red Hat JBoss Enterprise Application Platform 7. 4. 22 includes important security fixes addressing multiple vulnerabilities. These include denial of service issues in Netty components affecting Windows applications, improper role-based access control (RBAC) permissions in Wildfly, and a native crash vulnerability related to SSL packet validation. The update replaces version 7. 4. 21 and is rated with an important security impact by Red Hat. Users are advised to apply the update after backing up their systems and ensuring prior errata are applied.

Red Hat JBoss Enterprise Application Platform 7. 4. 22 addresses multiple security vulnerabilities including denial of service issues in Netty components and an improper RBAC permission in Wildfly. These vulnerabilities can lead to application crashes or unauthorized access control bypass. The update replaces version 7. 4. 21 and includes important security fixes and enhancements. Red Hat has released this update as an important security advisory and recommends applying it after ensuring all previous errata are installed and backing up existing installations.

Red Hat JBoss Enterprise Application Platform 7. 4. 22 includes important security updates addressing multiple vulnerabilities. These include denial of service issues in Netty components (CVE-2024-47535, CVE-2025-25193), a native crash vulnerability in the SslHandler when using native SSLEngine (CVE-2025-24970), and an improper RBAC permission issue in Wildfly server (CVE-2025-23367). The update replaces version 7. 4. 21 and provides fixes to prevent these security issues. Red Hat has released this update as an important security advisory and recommends applying it after ensuring all previous errata are applied and backing up existing installations.

Red Hat JBoss Enterprise Application Platform 8. 0. 6 includes security updates addressing multiple vulnerabilities. These include a deadlock issue via multiple join requests to the LRA Coordinator (CVE-2024-8447), denial of service attacks on Windows applications using Netty (CVE-2024-47535 and CVE-2025-25193), and an SslHandler validation flaw that can cause native crashes when using native SSLEngine (CVE-2025-24970). The update is rated as Important by Red Hat Product Security. Users are advised to apply the update after ensuring prior errata are installed and backing up their systems. Detailed CVSS scores and impact information are available on the respective CVE pages. No known exploits in the wild have been reported at this time.