Red Hat Product Errata RHSA-2025:10926 - Security Advisory

Issued: 2025-07-14
Updated: 2025-07-14

Synopsis

Important: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update

Type/Severity

Security Advisory: Important

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
  • hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
  • org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
  • org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
  • org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
  • wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

  • JBoss Enterprise Application Platform 7.4 for RHEL 9 x86_64

Fixes

  • BZ - 2320848 - CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)
  • BZ - 2339095 - CVE-2025-23184 org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files
  • BZ - 2351678 - CVE-2025-2251 org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
  • BZ - 2355685 - CVE-2025-2901 org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console
  • BZ - 2368956 - CVE-2025-48734 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
  • BZ - 2370118 - CVE-2025-35036 hibernate-validator: Hibernate Validator Expression Language Injection
  • JBEAP-29219 - Tracker bug for the EAP 7.4.23 release for RHEL-9
  • JBEAP-28676 - [GSS](7.4.z) Upgrade artemis from 2.16.0.redhat-00053 to 2.16.0.redhat-00055
  • JBEAP-28905 - (7.4.z) Upgrade jbossws-cxf from 5.4.14.Final-redhat-00001 to 5.4.15.Final-redhat-00001
  • JBEAP-29440 - [GSS](7.4.z) Upgrade Mojarra from 2.3.14.SP09-redhat-00001 to 2.3.14.SP10-redhat-00001
  • JBEAP-29815 - (7.4.z) Upgrade wildfly-core from 15.0.42.Final-redhat-00001 to 15.0.43.Final-redhat-00001
  • JBEAP-29862 - (7.4.z) Upgrade WildFly Elytron from 1.15.25.Final-redhat-00001 to 1.15.26.Final-redhat-00001
  • JBEAP-29866 - (7.4.z) Upgrade Elytron Web from 1.9.4.Final-redhat-00001 to 1.9.6.Final-redhat-00001
  • JBEAP-29914 - [GSS](7.4.z) Upgrade ironjacamar from 1.5.19.Final to 1.5.21.Final
  • JBEAP-29969 - [GSS](7.4.z) ENTMQBR-9658 / ARTEMIS-5382 - Merged cluster of JGroup will not lead to the AMQ cluster update
  • JBEAP-30031 - [GSS](7.4.z) Upgrade HAL to 3.3.27
  • JBEAP-30059 - [GSS](7.4.z) Upgrade migration tool to 1.10.0.Final-redhat-00042
  • JBEAP-30264 - (7.4.z) Upgrade commons-beanutils from 1.9.4.redhat-00002 to 1.11.0.redhat-00001
  • JBEAP-30359 - (7.4.z) Upgrade hibernate-validator to 6.0.23.SP2

CVEs

  • CVE-2024-10234
  • CVE-2025-2251
  • CVE-2025-2901
  • CVE-2025-23184
  • CVE-2025-35036
  • CVE-2025-48734

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4
  • https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index
Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.4 for RHEL 9

SRPM
eap7-activemq-artemis-2.16.0-21.redhat_00055.1.el9eap.src.rpm SHA-256: 167d0e1a19b96bc55eedba02b06e3eb4fff0f967cd47e2e1a7a98717750047cf
eap7-apache-cxf-3.5.10-1.redhat_00001.1.el9eap.src.rpm SHA-256: 97a5387d91a3c167f2da805e78337977ebf236f7433f43259161d42ccc80edc2
eap7-artemis-native-1.0.2-5.redhat_00004.1.el9eap.src.rpm SHA-256: 2d7161afdccefe8ab4101f17503206198f8edb4e7610837ce809f2692ee34845
eap7-elytron-web-1.9.6-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 55d389007bfa74773b0234f09bb3ba7a86159e345241defb5eb983025ad29d61
eap7-glassfish-jsf-2.3.14-9.SP10_redhat_00001.1.el9eap.src.rpm SHA-256: bc77616c2e178857733ff91b23929779d32dd84fd5a4356b80e96814fa3b6216
eap7-hal-console-3.3.27-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 62d3430d80f3c4b16aa5089758519be593f150e6f0d48746375ba7f512671067
eap7-hibernate-validator-6.0.23-3.SP2_redhat_00001.1.el9eap.src.rpm SHA-256: 93052050531356a1c50004cb2dac572a6356028dcc19e7679464d9c759bbe5db
eap7-ironjacamar-1.5.21-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 4adf3a5a0ae95824d1930c492206eeac389ac16f26f47545dc36722191d059e9
eap7-jboss-server-migration-1.10.0-42.Final_redhat_00042.1.el9eap.src.rpm SHA-256: c252b5cc6749db8d768ec1992dc821b45473a3c3cf095e9c041d8e5cd00131f4
eap7-jbossws-cxf-5.4.15-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: f398e0e3e9d53fce87e9a57b9ce9072175544abdedc3daab8be356e13cf1a778
eap7-wildfly-7.4.23-3.GA_redhat_00002.1.el9eap.src.rpm SHA-256: 25dee6abd37eabaf755ba8fb07788054f3c4b553d2d82d4e1267eb46796eeb43
eap7-wildfly-elytron-1.15.26-1.Final_redhat_00001.1.el9eap.src.rpm SHA-256: 965b301204109cd2de94d21c1cb9bc8fb2e6edf3ab4ab00251af5f4900b44bfa
x86_64
eap7-activemq-artemis-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: fd4c003e8cab997e4aca9751d048530db92167ce73bcdc82c269f2287f7dbb8e
eap7-activemq-artemis-cli-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: cb9302f6270466b47c1512db29bc3536b6e2d8d9c609ed31a50bdc565ce0dba3
eap7-activemq-artemis-commons-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 9bd703742921ec1ce9d0ec583bf6391ba7f56b158865ff70150951926bb51c5a
eap7-activemq-artemis-core-client-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 7a8d2a951b721bd65e1cde8de3ed7e7237505271bc7edc016cadf1cf201d8a0e
eap7-activemq-artemis-dto-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 185b24fadb05cb96e2897c0aefbbf2529e39d7c00bcab88ff9a8f55107f1c22a
eap7-activemq-artemis-hornetq-protocol-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 375b2674f25568155768d015b09dc6e53472b40b35e1e49bac893adf183c1806
eap7-activemq-artemis-hqclient-protocol-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: a0e014c196d99d5855c246f1a8917dcb91304015f658cbbdfbfe936fce99cdc0
eap7-activemq-artemis-jdbc-store-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 8e16fcd93f442283b636659125e36c308eeb4056b7e81cb7453db83cd57a5b5f
eap7-activemq-artemis-jms-client-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 99d09c219b75f2750d5dae5bcb118670b8ea89ff38aba51df6f67d2504b29c09
eap7-activemq-artemis-jms-server-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 232664ab4ec1b21d130353b08678f4e37bd282d6d05f10a2deb14a106a3b4084
eap7-activemq-artemis-journal-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 4abeca9607cc7acf6c6e658b0e7aa32f9aba6f0fc440f6eabe94a95ae284dea7
eap7-activemq-artemis-ra-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 99a2250364353b7bef79ae1f4c48d4b005fd501a87604f76b95eaf730a9bd3ed
eap7-activemq-artemis-selector-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: ac4f13e7a53ee076a6573d7fc4fa82d3e5a2db048eb75e09b55f9300f13964be
eap7-activemq-artemis-server-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 4012c810f2099d6b4ec93964105e691de280ed3f5fc56d74bd33441d8a82ada5
eap7-activemq-artemis-service-extensions-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 2d4a3c3ab74c53c7f5dafc20afd907b77073c47f31c7037bd0e00c20f4e03e14
eap7-activemq-artemis-tools-2.16.0-21.redhat_00055.1.el9eap.noarch.rpm SHA-256: 1bf7b8b31efbf3c5b23b845bcbd4a04fae7a230d686794a024438dc8b040b22c
eap7-apache-cxf-3.5.10-1.redhat_00001.1.el9eap.noarch.rpm SHA-256: 32112dd4adf88831b8312b6c99f7565c8dd3651f469ede2289665516b00b6d26
eap7-apache-cxf-rt-3.5.10-1.redhat_00001.1.el9eap.noarch.rpm SHA-256: 2629aafc4167c1e5d63c322b44be8ee53f26edffbecff8b42a81a84b425d0159
eap7-apache-cxf-services-3.5.10-1.redhat_00001.1.el9eap.noarch.rpm SHA-256: 34dcd11e21ab31828a2fc8f67dcc4ffec632a710778042e62761b875a1ddc015
eap7-apache-cxf-tools-3.5.10-1.redhat_00001.1.el9eap.noarch.rpm SHA-256: cb6b83cf9687c8b8b719e65c0bcc4fcde88dfd38260ee3991f9b9c4497a351d4
eap7-artemis-native-1.0.2-5.redhat_00004.1.el9eap.x86_64.rpm SHA-256: a53baa32107b855260c5f3b67fb984c7edd4de9bc30252ea08f0db8783aeeaf7
eap7-artemis-native-wildfly-1.0.2-5.redhat_00004.1.el9eap.x86_64.rpm SHA-256: 8d52fe048fe1754a68bbdcdfe9088950d5d85044df7f41a013d2c2e76cba97c4
eap7-glassfish-jsf-2.3.14-9.SP10_redhat_00001.1.el9eap.noarch.rpm SHA-256: babda01118f17f94dd57aac156b80b23acdf2a7a68f1afc939a2050a4b3ad8ca
eap7-hal-console-3.3.27-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 10bb678690750ead716b73b7875e869a5f1d78e216e39974a8761f2d5fb5bcb4
eap7-hibernate-validator-6.0.23-3.SP2_redhat_00001.1.el9eap.noarch.rpm SHA-256: 73b58634ed3bd317585cca96f86820cfdd1bd2d7a4b069ddd63e56e153767a8c
eap7-hibernate-validator-cdi-6.0.23-3.SP2_redhat_00001.1.el9eap.noarch.rpm SHA-256: 386db4213222cd115e33b9ea5f9c02a65cff1f44505a088c2c7345426f4ec5c6
eap7-ironjacamar-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 4942b9b32b714e7cde9315531f79a0298c1cc24ee5b0e1a932bfbd32ccfd914b
eap7-ironjacamar-common-api-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 8c6e5db61d41d7dcf164743024e8c6c39d932c9b1c82571693a000509d1c8848
eap7-ironjacamar-common-impl-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 0234797735da44653e3a419e1510d9922f93e1d3deb3ae723eb49cf7c3841a3a
eap7-ironjacamar-common-spi-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 9870b142492ffc6a6f7c509c494c7a38af9074fcdf5f96273d3957c5266924e6
eap7-ironjacamar-core-api-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: c45645d0b11e1d7b99282dde9d2e2a22be8e4939f86974e886e69d7f83237c60
eap7-ironjacamar-core-impl-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: c1631415fd5f8b7d62908f5fe6d94ca66903a00161366d85fec6a3261434424a
eap7-ironjacamar-deployers-common-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 81b201f0a13df08f3faaf5b1827b979fd8d130bdb5f7795649d65e29ce9260df
eap7-ironjacamar-jdbc-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 8276c57663cdb69942be6fdd13747cf7c2bc9b7b3e8fcea7492fb0acba3db7b7
eap7-ironjacamar-validator-1.5.21-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: a46181abaad206a2b700ad32e334c9b65cdc9a70fb62b64d4004c8527490dc58
eap7-jboss-server-migration-1.10.0-42.Final_redhat_00042.1.el9eap.noarch.rpm SHA-256: 8a48f12408c2bb958d25d06e86f30c55da3060ea2332d3d87b8140c454bca95e
eap7-jboss-server-migration-cli-1.10.0-42.Final_redhat_00042.1.el9eap.noarch.rpm SHA-256: 0c5c70f136de3093f3b262be359b73137f4f37499b48d91a4965648cad508594
eap7-jboss-server-migration-core-1.10.0-42.Final_redhat_00042.1.el9eap.noarch.rpm SHA-256: 829b2aeaaf441e98eb57a6169851dfb84934c88d12ca9dd55eda0a30a929f8c0
eap7-jbossws-cxf-5.4.15-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: c0181337162537624baf3e60a71645ba907a84b45d5605a086dc427561888780
eap7-undertow-server-1.9.6-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 083c72d55bde2ef150856822effcd21b997322dd05c8297bb455d126b1235129
eap7-wildfly-7.4.23-3.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: 4a95dde0bbace30d7a024cfa9566b44d710cc517934ed9a7b66edd8c678d6186
eap7-wildfly-elytron-1.15.26-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: bcc691f96efff883efce77c6d8405f8fbca61b7ef543b37fde2f3162e90c2b74
eap7-wildfly-elytron-tool-1.15.26-1.Final_redhat_00001.1.el9eap.noarch.rpm SHA-256: 91eade09a71d236bd5c50871acb0eda6cd537293bad088d834bd4036f729376a
eap7-wildfly-java-jdk11-7.4.23-3.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: 30574a7c00261998884c0e9845eb1f4ba31ddb75cecc4b86d21fedfc913bd6f1
eap7-wildfly-java-jdk17-7.4.23-3.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: 6570798c5740fd84cabfc3a07a23a38b3bd8a5ef683aad2453bc11eee08bf976
eap7-wildfly-java-jdk8-7.4.23-3.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: 9b44ab4a398aab5608c2b5d99f41f9f2058e70e4e8a39782a17cb3a225857059
eap7-wildfly-javadocs-7.4.23-3.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: f2917ebe3db9f23c1d4229b60b32b4d1d8d2a9152523a4afcac4efe7dfca4bbe
eap7-wildfly-modules-7.4.23-3.GA_redhat_00002.1.el9eap.noarch.rpm SHA-256: ff995e94e443324e7e5fa8747aaf891d66cc3de241cc08ffe9a887ccb9d86f7c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
