—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Red Hat JBoss 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Red Hat JBoss Core Services Text-Only Advisories x86_64

Overview

Multiple vulnerabilities have been reported in Red Hat JBoss which could allow a remote attacker to cause denial-of-service (DoS) condition on the targeted system.

Target Audience:

Large-scale enterprises and organizations using Red Hat JBoss products.

Risk Assessment:

High risk of unauthorized access to sensitive data, disruption of services.

Impact Assessment:

Potential for remote code execution, service unavailability.

Description

Red Hat JBoss is a Java-based server that provides a secure, scalable, and high-performance environment for developing, deploying, and managing enterprise applications.

These vulnerabilities exist in Red Hat JBoss due to use after free, NULL pointer dereference when processing XPath XML expressions, Type confusion error, integer overflow in xmlbuildqname() and out-of-memory flaw in the XML parser. A remote attacker could exploit these vulnerabilities by sending a specially crafted request.

Successful exploitation of these vulnerabilities could allow a remote attacker to cause denial-of-service (DoS) condition on the targeted system.

Solution

Apply appropriate fix/patches as mentioned:

https://access.redhat.com/errata/RHSA-2025:19020

Vendor Information

RedHat

https://access.redhat.com/errata/RHSA-2025:19020

References

RedHat

https://access.redhat.com/errata/RHSA-2025:19020

CVE Name

CVE-2025-6021

CVE-2025-49794

CVE-2025-49795

CVE-2025-49796

CVE-2025-59375

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkCI1sACgkQ3jCgcSdc

ys96RA/+K38dMpi9OIfn/InT868biCmWX4x4u9Sz1YeSzb9PW4mE1+O86W9JKD9o

FCylRWc0XWKHS4jeSCNCl0b3o/D/iQCyIA6mJKOf8miPKoNO1YuIEzW7VlSIVwFv

dEJCTe++GjnyTu3Atij0egt14m0AKPQ+aZFQFYED+PVkCPx1KcWSxvEDz50ez56k

ONmgzWXlfdnFIoVfmlU5abejvJgY+BHAWSpEOnp57pYsl7lyA6P3ehrPGtnfj5aR

YMT46SFbOMAQ1OH9hYZ5IJ1RkpVWOrfFCeeecp85CeNtq9UQ1e9ZLdg4kI4skvrw

R8V2bvatYyO0hXelP9RiP8ShZSQJCR8HOxP+1uC8MTJxm9XmBIV06iwsloSX6J3D

dxkQnXL7Hb2EPPacqG0c0qzI7+dDMSr8z09jTXKOC/Hils1Yp4kIFOSd95xaPLQc

b4MigOzbD5xJV+mr+pGRASfPyQYkOgJxiMbuAoCxJFnAVHlrFogOUTXnZuB4cPvk

Zfg3ocBQkGCqWPXx2TUEE3fhZsKmz8O09ol18+yad9GGOYFBPS6ymPnV/v+6iZLG

DmyF1d3Oa1O/2eDRmKUh8Vl7NE+5KZADQvFLLXulvYCbTICtRaPi0Zlqhu2gWTvX

qXDwG6iN2nPg/JUV1zGDKrmsXLUJACyGV71dnOsiq+u1jsvVjmw=

=slnN

—–END PGP SIGNATURE—–