What is the severity of CVE-2025-2251?

CVE-2025-2251 has been rated as critical due to its potential to allow remote code execution via untrusted data deserialization.

How do I fix CVE-2025-2251?

To fix CVE-2025-2251, update WildFly or JBoss EAP to the latest patched version provided by Red Hat.

Which versions of WildFly are affected by CVE-2025-2251?

CVE-2025-2251 affects multiple versions of WildFly prior to the security update addressing this vulnerability.

Can CVE-2025-2251 lead to data breaches?

Yes, exploitation of CVE-2025-2251 could lead to unauthorized access and potential data breaches.

Is CVE-2025-2251 related to Java security?

Yes, CVE-2025-2251 is related to a flaw in the Java serialization process used by JBoss Marshalling.

Vulnerability/
CVE-2025-2251

medium

6.2

CWE

502

12/3/2025

7/4/2025

24/4/2025

CVE-2025-2251: Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution

First published: Wed Mar 12 2025(Updated: )

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
WildFly
JBoss Enterprise Application Platform

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-2251?
CVE-2025-2251 has been rated as critical due to its potential to allow remote code execution via untrusted data deserialization.
How do I fix CVE-2025-2251?
To fix CVE-2025-2251, update WildFly or JBoss EAP to the latest patched version provided by Red Hat.
Which versions of WildFly are affected by CVE-2025-2251?
CVE-2025-2251 affects multiple versions of WildFly prior to the security update addressing this vulnerability.
Can CVE-2025-2251 lead to data breaches?
Yes, exploitation of CVE-2025-2251 could lead to unauthorized access and potential data breaches.
Is CVE-2025-2251 related to Java security?
Yes, CVE-2025-2251 is related to a flaw in the Java serialization process used by JBoss Marshalling.

collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2025-2251
agent/title
agent/references
agent/weakness
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/source
agent/author
agent/tags
agent/event
vendor/red hat
canonical/wildfly
canonical/jboss enterprise application platform

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.