JBoss Enterprise Application Platform (EAP) is a Java EE-based application server for building, deploying, and hosting enterprise Java applications and services. It provides clustering, messaging, and high-availability capabilities for Java applications. JBoss EAP includes tools for web applications, enterprise Java beans, messaging, transactions, and integration with other popular frameworks.

JBoss EAP

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-23368	CRITICAL	9.8	Java	org.wildfly.core:wildfly-elytron-integration	No	Yes	Mar 04, 2025
CVE-2025-9784	HIGH	7.5	Java	moditect	No	Yes	Sep 02, 2025
CVE-2025-23367	MEDIUM	6.5	Java	org.wildfly.core:wildfly-server	No	Yes	Jan 30, 2025
CVE-2023-1932	MEDIUM	6.1	Java	cpe:2.3:a:redhat:jboss_enterprise_application_platform	No	Yes	Nov 07, 2024
CVE-2025-5731	MEDIUM	5.5	Java	org.infinispan:infinispan-cli-client	No	Yes	Jun 26, 2025

CVE-2022-0853:
JBoss EAP vulnerability analysis and mitigation

7.5

Related JBoss EAP vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2022-0853: JBoss EAP vulnerability analysis and mitigation