
[CIVN-2026-0079] Information Disclosure Vulnerability in Red Hat JBoss Enterprise Application
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
JBoss Enterprise Application Platform Text-Only Advisories x86_64
Overview
A vulnerability has been reported in Red Hat JBoss EAP which could allow a remote attacker to disclose sensitive information on the targeted system.
Target Audience:
Large-scale enterprises and organizations using Red Hat JBoss products.
Risk Assessment:
High risk of unauthorized access to sensitive data.
Impact Assessment:
Potential for data theft.
Description
Red Hat JBoss is a Java-based server that provides a secure, scalable and high-performance environment for developing, deploying and managing enterprise applications.
This vulnerability exists in Red Hat JBoss EAP due to insufficient clearing of the output buffer in the Java-based decompressor implementations in lz4-java 1.10.0 and earlier. A remote attacker could exploit this vulnerability by supplying specially crafted compressed input to read previous buffer contents.
Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned:
https://access.redhat.com/errata/RHSA-2026:1935
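To find where the affected library is deployed before applying the update, the following added example (not part of the CERT-In advisory or of Red Hat's tooling) walks a directory tree and its nested EAR/WAR/JAR archives and reports every lz4-java jar whose file-name version is 1.10.0 or earlier. It assumes Maven-style jar names; a vendor rebuild can carry a fix without changing the upstream version number, so a flagged jar is one to check against the erratum, not proof of exposure.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Threshold from the advisory: lz4-java 1.10.0 and earlier.
LAST_AFFECTED = (1, 10, 0)
# Assumption: Maven-style names, e.g. lz4-java-1.8.0.redhat-00001.jar (constructed).
JAR_NAME = re.compile(r"(?:^|/)lz4-java-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".war", ".ear", ".jar", ".sar", ".rar")

def lz4_version(name):
    """Numeric version tuple from an lz4-java jar name, or None."""
    m = JAR_NAME.search(name.replace("\\", "/"))
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def scan_archive(data, label, hits, depth=0):
    """Record lz4-java jars bundled in an archive, recursing into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for info in zf.infolist():
            inner = f"{label}!/{info.filename}"
            version = lz4_version(info.filename)
            if version is not None:
                hits.append((inner, version, version <= LAST_AFFECTED))
            elif info.filename.lower().endswith(ARCHIVES) and depth < 3:
                scan_archive(zf.read(info), inner, hits, depth + 1)

def scan_tree(root):
    """Return [(location, version, in_affected_range)] for jars under root."""
    hits = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        version = lz4_version(path.name)
        if version is not None:
            hits.append((str(path), version, version <= LAST_AFFECTED))
        elif path.suffix.lower() in ARCHIVES:
            scan_archive(path.read_bytes(), str(path), hits)
    return hits

if __name__ == "__main__":
    for loc, ver, flagged in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("REVIEW" if flagged else "ok", ".".join(map(str, ver)), loc)
```

Run it with the installation or deployment directory as the only argument; lines marked `REVIEW` name jars in the version range the advisory gives.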
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2026:1935
References
Red Hat
https://access.redhat.com/errata/RHSA-2026:1935
CVE Name
CVE-2025-66566
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


