Red Hat Product Errata RHSA-2025:10924 - Security Advisory
Issued:
2025-07-14
Updated:
2025-07-14

RHSA-2025:10924 - Security Advisory

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
  • org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
  • org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
  • org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
  • wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64

Fixes

  • BZ - 2320848 - CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
  • BZ - 2339095 - CVE-2025-23184 org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files
  • BZ - 2351678 - CVE-2025-2251 org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
  • BZ - 2355685 - CVE-2025-2901 org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console
  • BZ - 2368956 - CVE-2025-48734 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
  • BZ - 2370118 - CVE-2025-35036 hibernate-validator: Hibernate Validator Expression Language Injection
  • JBEAP-29217 - Tracker bug for the EAP 7.4.23 release for RHEL-7
  • JBEAP-28676 - [GSS](7.4.z) Upgrade artemis from 2.16.0.redhat-00053 to 2.16.0.redhat-00055
  • JBEAP-28905 - (7.4.z) Upgrade jbossws-cxf from 5.4.14.Final-redhat-00001 to 5.4.15.Final-redhat-00001
  • JBEAP-29440 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP09-redhat-00001 to 2.3.14.SP10-redhat-00001
  • JBEAP-29815 - (7.4.z) Upgrade wildfly-core from 15.0.42.Final-redhat-00001 to 15.0.43.Final-redhat-00001
  • JBEAP-29862 - (7.4.z) Upgrade WildFly Elytron from 1.15.25.Final-redhat-00001 to 1.15.26.Final-redhat-00001
  • JBEAP-29866 - (7.4.z) Upgrade Elytron Web from 1.9.4.Final-redhat-00001 to 1.9.6.Final-redhat-00001
  • JBEAP-29914 - [GSS](7.4.z) Upgrade ironjacamar from 1.5.19.Final to 1.5.21.Final
  • JBEAP-29969 - [GSS](7.4.z) ENTMQBR-9658 / ARTEMIS-5382 - Merged cluster of JGroup will not lead to the AMQ cluster update
  • JBEAP-30031 - [GSS](7.4.z) Upgrade HAL to 3.3.27
  • JBEAP-30059 - [GSS](7.4.z) Upgrade migration tool to 1.10.0.Final-redhat-00042
  • JBEAP-30264 - (7.4.z) Upgrade commons-beanutils from 1.9.4.redhat-00002 to 1.11.0.redhat-00001
  • JBEAP-30359 - (7.4.z) Upgrade hibernate-validator to 6.0.23.SP2

JBoss Enterprise Application Platform 7.4 for RHEL 7

SRPM
eap7-activemq-artemis-2.16.0-21.redhat_00055.1.el7eap.src.rpm SHA-256: 4d93d05b38b8d18eb34f0d2a81faaefd056c430d2158484bc5cf1c6f02eccaea
eap7-apache-cxf-3.5.10-1.redhat_00001.1.el7eap.src.rpm SHA-256: cd9819dfdef8faff0d589ea86bd20b5f49bb727b2d5cb2ee78c11a55ecb27c15
eap7-artemis-native-1.0.2-5.redhat_00004.1.el7eap.src.rpm SHA-256: 3c38f0427be8ad2dc8d1fcb3a14ad0ddd3358ad78958ef1a950b8048c63a1302
eap7-elytron-web-1.9.6-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 3cda32bf296c32f0e3b474534c10e999de87d154d5d6e99c0b361a437e31355d
eap7-glassfish-jsf-2.3.14-9.SP10_redhat_00001.1.el7eap.src.rpm SHA-256: 98c4eb1d13607cd18fc02de7cf1d1b5d53b838ba01197499068e37f44cabe0df
eap7-hal-console-3.3.27-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: f643be88c40e0c65f8ee97987adfcc447ef0d532684a8a9a482e4e77dc928767
eap7-hibernate-validator-6.0.23-3.SP2_redhat_00001.1.el7eap.src.rpm SHA-256: a611bff5beeaaf26b61af5f509bc7bc5dfc073c2c4a23d0ebf25af9aeda34f6b
eap7-ironjacamar-1.5.21-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 7d85ecf27b3acd3ad4ee8a31ebc2f43d1aa96cd8c5fa72b25248e9124b1d2542
eap7-jboss-server-migration-1.10.0-42.Final_redhat_00042.1.el7eap.src.rpm SHA-256: 949926ac159edea1a3762bda8ea0c6e4a334f0805a99bc0b9aa58604fc1f8cca
eap7-jbossws-cxf-5.4.15-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 87826fb4956aed5d97381fd4ab66f4803b84feb1d754a167f10b5d7e6493b97c
eap7-wildfly-7.4.23-3.GA_redhat_00002.1.el7eap.src.rpm SHA-256: ca411fe19606d8b4baf08332672fd93ba1db0c8936e3b5e9c71b1b20c545464b
eap7-wildfly-elytron-1.15.26-1.Final_redhat_00001.1.el7eap.src.rpm SHA-256: 575723a261794786ffce6109902cee7902acdc603f8bac7cb98490b1e63aaa8e
x86_64
eap7-activemq-artemis-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 5ad9bb51e5c4b7676de22750ac1658bc5d2fc04a66bd5db1f388d329b9ba0480
eap7-activemq-artemis-cli-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 4c3831ba745de4c3619b5c6b1ee2cf4ca8cab735eab598bbf2918d2577409171
eap7-activemq-artemis-commons-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 2b4f2e3a3ff35c321dfdbfe18c558bf0f6f0cfb9be5696eb5c8977e11c323478
eap7-activemq-artemis-core-client-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 013b6c4a60dda465478c233f63eb932457c239544719be7285075ad17ec25f26
eap7-activemq-artemis-dto-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: cd20d142f570ee2a79a7509ae460adaea8b1999531e49b11baf9dac6e22b0815
eap7-activemq-artemis-hornetq-protocol-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 86f05c8f42d801484e9d16e26be9c7a1f9930a3e245d4ea69119b628c3b58e26
eap7-activemq-artemis-hqclient-protocol-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: f421edd8930a39a0c0ff97ee7508bbf67161d8d5d4bc74b3299c6a4f1fa4dab8
eap7-activemq-artemis-jdbc-store-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 284e2a1253fd98c87f11a07324e78cb0deb46dc584e4556ce44a28240ec9ae21
eap7-activemq-artemis-jms-client-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 1d30d42d01fa787e43b145dc1963dc0bc93be3b54211448cefbcc556d476217d
eap7-activemq-artemis-jms-server-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: a57b7d2ee25a70a7098cf8a0835f3b3e9f579d0d6a062aff4cedb20ecd6c679d
eap7-activemq-artemis-journal-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 136ed79f1d022cc2d7f705065abfe2e272ee578b4e8fe4d9ac87960b47851aad
eap7-activemq-artemis-ra-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 8a3bcb3f2c22c7449ab505f5a1a610b51ceb1f5ff7edf9fcd716c2dd55b5aaff
eap7-activemq-artemis-selector-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: b95e26e5eb30773405ab4d34a52d6bf83e62c563b61b780f7226b5f402fa8c0a
eap7-activemq-artemis-server-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 142540723addf9268344909fa64cafaccc0e5ee2ca85f351a3833e3df6650cf7
eap7-activemq-artemis-service-extensions-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: d4a4d4cc01d47660aaebf556d97c3038cbbe0471366adb10396a419bdbaa42d9
eap7-activemq-artemis-tools-2.16.0-21.redhat_00055.1.el7eap.noarch.rpm SHA-256: 3a22423bb7bc6f25c74d8f7a517ee5dcc8b4669ed2a28c800145b5584c103d55
eap7-apache-cxf-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm SHA-256: 8a018c9ddd45443cd0cfc6cb5cbb2ebb7204b5f604e343f46af6860d493b6eb9
eap7-apache-cxf-rt-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm SHA-256: 920c4eb39acee2cb0ed3ce2efa24291293b8ffc04b2db9e54fb2222d7fde9558
eap7-apache-cxf-services-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm SHA-256: 7a5408fe4b690588b3d219081ffb23a7a04c17d094803ca05c1f3ff1003997b0
eap7-apache-cxf-tools-3.5.10-1.redhat_00001.1.el7eap.noarch.rpm SHA-256: e4bc352b827493d08b2627861b300fc1f4b4a67802fade55c10c9c1878e46b0a
eap7-artemis-native-1.0.2-5.redhat_00004.1.el7eap.x86_64.rpm SHA-256: 7e8028d3833b6d64760795f7cf3d693f19eee6f08786a3e7fcd8f7dacb49ef61
eap7-artemis-native-debuginfo-1.0.2-5.redhat_00004.1.el7eap.x86_64.rpm SHA-256: 55c0b67207521b71b5d3d6c9b151393f6918783632060482bc691aa9f3694c08
eap7-artemis-native-wildfly-1.0.2-5.redhat_00004.1.el7eap.x86_64.rpm SHA-256: b52c2b93ddb8334eb1e194011157c8c23f38e6a897f0822df086187b87d0436e
eap7-glassfish-jsf-2.3.14-9.SP10_redhat_00001.1.el7eap.noarch.rpm SHA-256: f277af9b63b89a0e8ab702e83aae8d3b86fa8856e26b49eec67213623ee5e049
eap7-hal-console-3.3.27-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: baab80fafe403ef28fc06a01194d70786c7fd1b92215bd9b785d27a45a3e0c05
eap7-hibernate-validator-6.0.23-3.SP2_redhat_00001.1.el7eap.noarch.rpm SHA-256: b612eef310b2dcd51088b6a48c2b84ac2415dda8be433350131794e33b75dbb0
eap7-hibernate-validator-cdi-6.0.23-3.SP2_redhat_00001.1.el7eap.noarch.rpm SHA-256: 33e6b457d0ac61f8b4a474ef9250a8ee7a8ab61e9d23d32950a8b470b8026124
eap7-ironjacamar-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: cc7c54a08c7f40a659a088e605710d508d7d81cff4e991da68cd8698d4284079
eap7-ironjacamar-common-api-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: d4cf31c6b1ce0277b43423341ce3d3a85430d2c6d2ac76d1c63dab3102d5e066
eap7-ironjacamar-common-impl-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 0094f3a4f533bbc2a64022f2bb877b2a0f3bd1c422e64f7af551dccf4a45fefa
eap7-ironjacamar-common-spi-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: c533b4b7a8ba8f5ba4aa53e6a631fbe0b325f842b621a88a2ae7ce8904361583
eap7-ironjacamar-core-api-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 59a7dd95ef26d5c4d85aea7dbe10118c867c275a9af891700f76aff5ca9af584
eap7-ironjacamar-core-impl-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 0fbeecca5956fb329d237ed33960043d6d2d53c1be0fe4164737b8ec7c8e5d65
eap7-ironjacamar-deployers-common-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 6feedddbed872251a92f2e0f8043b081ef1c4efec691017749c587b11829a5d8
eap7-ironjacamar-jdbc-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 0ef6cc713c4f85d78be15f030b354e1bd581c4be8a6699b81b56f99bcb444c59
eap7-ironjacamar-validator-1.5.21-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 3c1520ffea76373f1e03525b54d17086e77cbd0385f22f231adc1d67c3ac600b
eap7-jboss-server-migration-1.10.0-42.Final_redhat_00042.1.el7eap.noarch.rpm SHA-256: 20c3be90d13dd590f2133efab3279945ff4ec4a5e731dc1ff1ef999348bb8306
eap7-jboss-server-migration-cli-1.10.0-42.Final_redhat_00042.1.el7eap.noarch.rpm SHA-256: ada120295343dc28e06a117ad8b371583b9abbd07d96574be08ac676a9cb54fd
eap7-jboss-server-migration-core-1.10.0-42.Final_redhat_00042.1.el7eap.noarch.rpm SHA-256: 2ee7d5b1c0a4083c7487aea462d74f73f48c8a508fa0994136e4fe572ff5f261
eap7-jbossws-cxf-5.4.15-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 5a58e1adc3f49ff9c1d2781638cb71fe5b7315e522388a2682075caf2f89c2b4
eap7-undertow-server-1.9.6-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 44edf21eaaf3219a0fea513413e818d518c99a6d0441fb4f397fb4efc2173d78
eap7-wildfly-7.4.23-3.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: c7b0ee2fa01ec008605de289541992a9076cd31513cdb979b1e81f597049a2ef
eap7-wildfly-elytron-1.15.26-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: 4858fa621ffbc4ee3114e0f8fb479f88cab8bef08cf7629b112a0c9eb9595ff5
eap7-wildfly-elytron-tool-1.15.26-1.Final_redhat_00001.1.el7eap.noarch.rpm SHA-256: a17248eb54d85ab75cd39c3c0d111fc5a21bca7ed0efc71cb346931d2d72fea5
eap7-wildfly-java-jdk11-7.4.23-3.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: e4dfded71f8f7815e18e03e4332aca6cdfa2d9b81d88d9f30a693609ad7f2471
eap7-wildfly-java-jdk8-7.4.23-3.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: a2a29f07bf98280403e26080440185f46c5e7f2e2f3d3e082524f4f62134c378
eap7-wildfly-javadocs-7.4.23-3.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 1e62f73c6363c8b87cdfbd01ba5d15cfc5ceffe0e02bb47ea2820ec4d2811cd7
eap7-wildfly-modules-7.4.23-3.GA_redhat_00002.1.el7eap.noarch.rpm SHA-256: 4bc054efbad84607d24ab815768964e74aead74240b065311ae2a70930e9bdb7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.