WildFly and JBoss EAP Unauthenticated Remote Code Execution Vulnerability via Deserialization

Vulnerability

A remote code execution vulnerability has been identified in WildFly and JBoss Enterprise Application Platform (EAP). The flaw lies in the Enterprise JavaBeans (EJB) remote invocation mechanism, which deserializes untrusted client data with JBoss Marshalling. An attacker who can reach the EJB remoting endpoint can send a specially crafted serialized object and have the server execute arbitrary code without authenticating first.

Impact

Successful exploitation gives an unauthenticated remote attacker code execution on the host running WildFly or JBoss EAP, with the privileges of the application server process.
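The defensive pattern behind fixes for this class of bug is to decide which classes a stream may name before any of them is instantiated. The following is an added example, not code from the advisory, WildFly, JBoss EAP or JBoss Marshalling: a look-ahead scanner for java.io object-serialization streams (magic 0xACED, version 0x0005) that extracts the class-descriptor chain of the first object and rejects the stream if any named class is outside an allowlist. It does not parse JBoss Marshalling's own "river" wire format, so against an EJB remoting endpoint it serves as a triage and detection aid over captured payloads, not as a replacement for the vendor fix or a server-side unmarshalling filter. The class names and sample streams are constructed for the example.

```python
import struct

STREAM_MAGIC, STREAM_VERSION = 0xACED, 0x0005
TC_NULL, TC_REFERENCE, TC_CLASSDESC, TC_OBJECT = 0x70, 0x71, 0x72, 0x73
TC_STRING, TC_ENDBLOCKDATA, TC_PROXYCLASSDESC = 0x74, 0x78, 0x7D
SC_SERIALIZABLE = 0x02


class StreamError(ValueError):
    """Malformed stream, or a feature this scanner deliberately does not parse."""


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise StreamError("truncated stream")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self):
        return self.take(1)[0]

    def u16(self):
        return struct.unpack(">H", self.take(2))[0]

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):
        # Serialized string: 2-byte big-endian length followed by modified-UTF-8 bytes.
        return self.take(self.u16()).decode("utf-8")


def descriptor_to_class(desc):
    """JVM field type descriptor -> class name, or None for primitives.
    'Ljava/lang/String;' -> 'java.lang.String'; '[Ljava/util/Map;' -> 'java.util.Map'; '[B' -> None."""
    desc = desc.lstrip("[")
    if desc.startswith("L") and desc.endswith(";"):
        return desc[1:-1].replace("/", ".")
    return None


def class_chain(data):
    """Class names from the first object's descriptor chain: the class, its
    serializable superclasses and the declared types of its object-typed fields.
    Object data is never read, so nothing is resolved or instantiated."""
    r = _Reader(data)
    if r.u16() != STREAM_MAGIC or r.u16() != STREAM_VERSION:
        raise StreamError("not a java.io serialization stream")
    if r.u8() != TC_OBJECT:
        raise StreamError("first element is not TC_OBJECT")
    names = []
    tag = r.u8()
    while tag == TC_CLASSDESC:
        names.append(r.utf())            # className
        r.take(8)                        # serialVersionUID
        r.u8()                           # classDescFlags
        for _ in range(r.u16()):         # field descriptors
            typecode = r.u8()
            r.utf()                      # fieldName
            if typecode in (ord("L"), ord("[")):
                t = r.u8()               # className1: TC_STRING or a back-reference
                if t == TC_STRING:
                    cls = descriptor_to_class(r.utf())
                    if cls:
                        names.append(cls)
                elif t == TC_REFERENCE:
                    r.u32()              # handle of a string seen (and recorded) earlier
                else:
                    raise StreamError("unexpected field type element 0x%02x" % t)
        if r.u8() != TC_ENDBLOCKDATA:    # classAnnotation must be empty
            raise StreamError("class annotations are not supported")
        tag = r.u8()                     # superClassDesc
    if tag == TC_PROXYCLASSDESC:
        # Dynamic proxies are a building block of known gadget chains; refuse them outright.
        raise StreamError("dynamic proxy class descriptor")
    if tag == TC_REFERENCE:
        r.u32()                          # superclass was already described earlier
    elif tag != TC_NULL:
        raise StreamError("unexpected superclass element 0x%02x" % tag)
    return names


def check_stream(data, allowlist):
    """Return (accepted, names, rejected). Malformed streams are rejected too."""
    try:
        names = class_chain(data)
    except StreamError as exc:
        return False, [], [str(exc)]
    rejected = [n for n in names if n not in allowlist]
    return not rejected, names, rejected


def _utf(s):
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def build_sample_stream(class_name, object_fields=()):
    """Construct a well-formed stream (test input only, not a general serializer) for
    one Serializable object whose declared fields are all object-typed and null."""
    out = struct.pack(">HH", STREAM_MAGIC, STREAM_VERSION)
    out += bytes([TC_OBJECT, TC_CLASSDESC]) + _utf(class_name)
    out += struct.pack(">QBH", 0x1234567890ABCDEF, SC_SERIALIZABLE, len(object_fields))
    for field_name, descriptor in object_fields:
        out += b"L" + _utf(field_name) + bytes([TC_STRING]) + _utf(descriptor)
    out += bytes([TC_ENDBLOCKDATA, TC_NULL])       # no annotations, no superclass
    out += bytes([TC_NULL]) * len(object_fields)  # object data: every field is null
    return out


# Constructed inputs; all class names are hypothetical.
ALLOWLIST = {"com.example.Order", "java.lang.String", "java.util.Map"}
BENIGN = build_sample_stream("com.example.Order", [("id", "Ljava/lang/String;")])
HOSTILE = build_sample_stream("com.example.Order", [("handler", "Lcom/example/RemoteLoader;")])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(label, check_stream(blob, ALLOWLIST))
```

The scanner only looks at descriptors reachable before the first object's data, so a class that appears later in the stream is still caught only by a filter inside the unmarshaller itself; treat a rejection here as a signal to block or alert on, and an acceptance as "nothing obvious", not as proof of safety.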

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.