Critical Vulnerability Information

Vulnerability Overview

Advisory ID: RHSA-2025:3465
Release Date: 2025-04-01
Update Date: 2025-04-01
Type/Severity: Security Advisory - Important

Affected Products

JBoss Enterprise Application Platform 7.4 for RHEL 9 x86_64
JBoss Enterprise Application Platform 7.4 for RHEL 8 x86_64
JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64

Vulnerability Details

CVE-2024-47535: io.netty/netty: Denial of Service attack on Windows applications using Netty
CVE-2025-23367: org.wildfly.core/wildfly-server: Incorrect RBAC permissions in Wildfly
CVE-2025-24970: io.netty/netty-handler: SslHandler improperly validates packets when using native SSLEngine, potentially leading to native crashes
CVE-2025-25193: netty-common: Denial of Service attack on Windows applications using Netty

Remediation

Before applying the update, ensure that all previously released system-related errata fixes have been applied. Back up existing installations, including all applications, configuration files, databases, and database settings.

Reference Links

Red Hat Security Update Classification
JBoss Enterprise Application Platform 7.4 Documentation
JBoss Enterprise Application Platform 7.4 Installation Guide