Red Hat Product Errata RHSA-2025:10925 - Security Advisory
Issued: 2025-07-14
Updated: 2025-07-14

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Type/Severity

Security Advisory: Important

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
  • org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
  • org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
  • org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
  • wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64

Fixes

  • BZ - 2320848 - CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
  • BZ - 2339095 - CVE-2025-23184 org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files
  • BZ - 2351678 - CVE-2025-2251 org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
  • BZ - 2355685 - CVE-2025-2901 org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console
  • BZ - 2368956 - CVE-2025-48734 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
  • BZ - 2370118 - CVE-2025-35036 hibernate-validator: Hibernate Validator Expression Language Injection
  • JBEAP-29218 - Tracker bug for the EAP 7.4.23 release for RHEL-8
  • JBEAP-28676 - [GSS](7.4.z) Upgrade artemis from 2.16.0.redhat-00053 to 2.16.0.redhat-00055
  • JBEAP-28905 - (7.4.z) Upgrade jbossws-cxf from 5.4.14.Final-redhat-00001 to 5.4.15.Final-redhat-00001
  • JBEAP-29440 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP09-redhat-00001 to 2.3.14.SP10-redhat-00001
  • JBEAP-29815 - (7.4.z) Upgrade wildfly-core from 15.0.42.Final-redhat-00001 to 15.0.43.Final-redhat-00001
  • JBEAP-29862 - (7.4.z) Upgrade WildFly Elytron from 1.15.25.Final-redhat-00001 to 1.15.26.Final-redhat-00001
  • JBEAP-29866 - (7.4.z) Upgrade Elytron Web from 1.9.4.Final-redhat-00001 to 1.9.6.Final-redhat-00001
  • JBEAP-29914 - [GSS](7.4.z) Upgrade ironjacamar from 1.5.19.Final to 1.5.21.Final
  • JBEAP-29969 - [GSS](7.4.z) ENTMQBR-9658 / ARTEMIS-5382 - Merged cluster of JGroup will not lead to the AMQ cluster update
  • JBEAP-30031 - [GSS](7.4.z) Upgrade HAL to 3.3.27
  • JBEAP-30059 - [GSS](7.4.z) Upgrade migration tool to 1.10.0.Final-redhat-00042
  • JBEAP-30264 - (7.4.z) Upgrade commons-beanutils from 1.9.4.redhat-00002 to 1.11.0.redhat-00001
  • JBEAP-30359 - (7.4.z) Upgrade hibernate-validator to 6.0.23.SP2

CVEs

  • CVE-2024-10234
  • CVE-2025-2251
  • CVE-2025-2901
  • CVE-2025-23184
  • CVE-2025-35036
  • CVE-2025-48734

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.4 for RHEL 8


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
