[CIVN-2025-0251] Multiple Vulnerabilities in Red Hat JBoss Middleware

Published On: October 9, 2025

Multiple Vulnerabilities in Red Hat JBoss Middleware 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss Middleware which could be exploited by a remote attacker to perform HTTP request smuggling or cause a denial-of-service (DoS) condition on the targeted system.
Target Audience:
Large-scale enterprises and organizations using Red Hat JBoss products.
Risk Assessment:
High risk of unauthorized access to sensitive data, disruption of services.
Impact Assessment:
Potential for data exposure and manipulation, service unavailability.
Description
Red Hat JBoss Middleware is an open-source platform for developing and managing Java applications, offering integration, automation, and cloud-ready features to help enterprises build scalable and secure solutions.
Multiple vulnerabilities exist in Red Hat JBoss Middleware due to improper validation of buffer sizes, a flaw in Eclipse Jetty's HTTP/2 implementation, and incorrect parsing of chunk extensions. A remote attacker could exploit these vulnerabilities by sending a specially crafted request.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform HTTP request smuggling or cause a denial-of-service (DoS) condition on the targeted system.
Solution
Apply the appropriate fixes/patches as mentioned in:
https://access.redhat.com/errata/RHSA-2025:17567
Vendor Information
Red Hat
https://access.redhat.com/errata/RHSA-2025:17567
References
Red Hat
https://access.redhat.com/errata/RHSA-2025:17567
CVE Name
CVE-2025-5115
CVE-2025-27533
CVE-2025-58056
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
