12.9 Policy server admin UI has the following vulnerable packages:

lz4-java 1.10.1 impacted by CVE-2025-12183 and CVE-2025-66566.

Undertow 2.3.22 impacted by CVE-2024-3884, CVE-2024-4027 and CVE-2025-12543.

12.9 admin UI

The reported vulnerabilities are addressed in WildFly 39.0.0. Please open a support case and request a new admin UI build with WildFly 39.0.0.

This new admin UI build also addresses these vuknerabilities:

● BDSA-2025-48149
● BDSA-2025-48498
● BDSA-2025-13945
● BDSA-2025-42323
● BDSA-2025-5572
● BDSA-2025-68245
● CVE-2012-5785
● CVE-2025-67735 (BDSA-2025-62789)
● CVE-2022-46364 (BDSA-2022-3590)
● CVE-2024-28752 (BDSA-2024-7190)
● CVE-2024-29736 (BDSA-2024-4583)
● CVE-2025-48913 (BDSA-2025-8434)
● CVE-2022-46363 (BDSA-2022-3589)
● CVE-2024-32007 (BDSA-2024-4566)
● CVE-2025-23184 (BDSA-2025-0392)
● CVE-2025-12543 (BDSA-2025-99569)
● CVE-2024-45772 (BDSA-2024-6850)
● BDSA-2025-28525