Critical Vulnerability Information

Vulnerability Overview

Type/Severity: Important Security Advisory
Subject: Security update for Red Hat JBoss Enterprise Application Platform 7.4, including multiple CVE vulnerability fixes and enhancements.

Vulnerability Details

CVE-2024-47535: io.netty/netty-handler: SslHandler failed to properly validate packets when using native SSLEngine, potentially leading to local crashes.
CVE-2024-47535: io.netty/netty: Denial of service attack on Windows applications using Netty.
CVE-2025-2393: netty-common: Denial of service attack on Windows applications using Netty.
CVE-2025-2367: org.wildfly.core/wildfly-server: Improper RBAC permissions in WildFly.

Solution

Before applying the update, ensure that all previously released related bug fixes have been applied to the system, and back up the existing installation, including all applications, configuration files, databases, and database settings.

Affected Products

JBoss Enterprise Application Platform 7.4 for RHEL 7 x86_64

Fixed Issues

Multiple BZ and JBoss EAP fix records, involving upgrades and fixes for components such as Netty, WildFly, and Elytron.

CVE IDs

CVE-2024-47535
CVE-2025-2367
CVE-2025-24970
CVE-2025-25193

References

Links to Red Hat security update classification, JBoss Enterprise Application Platform 7.4 documentation, and installation guides are provided.