CVE-2025-2251

Name of the Vulnerable Software and Affected Versions WildFly (affected versions not specified) JBoss Enterprise Application Platform (EAP) (affected versions not specified)

Description A security flaw exists within the Enterprise JavaBeans (EJB) remote invocation mechanism, stemming from untrusted data deserialization handled by JBoss Marshalling. This allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.

Recommendations For WildFly, consider disabling the EJB remote invocation mechanism until a patch is available. For JBoss Enterprise Application Platform (EAP), restrict access to the EJB remote invocation mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.