CVE-2025-48913

CRITICAL

Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.17 security update

Details

CVSS v3: 9.8
NVD published: 2025-08-08 10:15:25
EPSS: 0.2% probability · 39.7th percentile — 2026-03-29
Affected versions: cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Summary: If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.