CVE-2025-2901 in JBoss Enterprise Application Platforminfo

Summary

by MITRE • 03/28/2025

A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Redhat

Reservation

03/28/2025

Disclosure

03/28/2025

Moderation

revoked

Entry

VDB-301962

CPE

ready

CWE

CWE-79 (confirmed)

CVSS

4.6 (CNA)

EPSS

0.00000

KEV

Activities

very low

Sector

Telecommunication, Finance, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-2901
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-2901
CVE Details	https://www.cvedetails.com/cve/CVE-2025-2901/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!