[CIVN-2025-0220] Multiple vulnerabilities in Red Hat JBoss products
Multiple vulnerabilities in Red Hat JBoss products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Red Hat JBoss Middleware 1 (x86_64): AMQ Broker prior to 7.12.5
Red Hat JBoss Middleware: Apache Kafka prior to 3.0.1
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss products which could allow an attacker to execute arbitrary code or cause a denial of service condition on the targeted system.
Target Audience:
Large scale enterprises and organizations using the Red Hat JBoss products.
Risk Assessment:
High risk of unauthorized access and authentication bypass.
Impact Assessment:
Potential for service disruption, remote code execution or system compromise.
Description
Red Hat JBoss is a suite of enterprise-grade, open-source middleware products designed for building, deploying, integrating, and automating Java-based applications. They are suited to developing both monolithic and microservice-based architectures in hybrid cloud environments.
These vulnerabilities exist in Red Hat JBoss products due to uncontrolled access to enum properties, incorrect enforcement of channel binding when it is configured as required, and an uncontrolled recursion issue.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service condition on the targeted system.
Solution
Apply the appropriate fixes/patches as mentioned in the Red Hat advisories:
https://access.redhat.com/errata/RHSA-2025:16409
https://access.redhat.com/errata/RHSA-2025:16407
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2025:16409
https://access.redhat.com/errata/RHSA-2025:16407
References
https://access.redhat.com/errata/RHSA-2025:16409
https://access.redhat.com/errata/RHSA-2025:16407
CVE Name
CVE-2025-48734
CVE-2025-49146
CVE-2025-48924
CVE-2025-55163
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003