Stored Cross-Site Scripting Flaw in JBoss EAP Management Console by Red Hat
CVE-2025-2901
4.6 MEDIUM
Summary
A security flaw has been identified in the JBoss EAP Management Console, attributed to improper sanitization of user input before it is stored. This vulnerability allows malicious scripts to be stored and then executed when users access the affected web pages. As a result, attackers could potentially exfiltrate sensitive data or hijack user sessions, exposing both individuals and organizations to further malicious actions.
CVSS V3.1
Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Łukasz Rupala for reporting this issue.