csaf_certbund - wid-sec-w-2025-1569

wid-sec-w-2025-1569

Vulnerability from csaf_certbund

Published

2025-07-15 22:00

Modified

2025-08-12 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Java SE und anderen Java Editionen ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - MacOS X - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Java SE und anderen Java Editionen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1569 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1569.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1569 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1569"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2025 - Appendix Oracle Java SE vom 2025-07-15",
        "url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Azul Zulu Builds of OpenJDK July 2025 quarterly update",
        "url": "https://docs.azul.com/core/pdfs/july-2025/azul-zulu-ca-release-notes-july-2025-rev1.0.pdf"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory: 2025/07/15",
        "url": "https://openjdk.org/groups/vulnerability/advisories/2025-07-15"
      },
      {
        "category": "external",
        "summary": "Corretto 8 Changelog vom 2025-07-16",
        "url": "https://github.com/corretto/corretto-8/blob/8.462.08.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Corretto 11 ChangeLog vom 2025-07-16",
        "url": "https://github.com/corretto/corretto-11/blob/11.0.28.6.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10867 vom 2025-07-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:10867"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10873 vom 2025-07-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:10873"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-10867 vom 2025-07-16",
        "url": "https://linux.oracle.com/errata/ELSA-2025-10867.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10863 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10863"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10875 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10875"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10874 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10874"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10870 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10870"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10861 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10861"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10869 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10869"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10864 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10864"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10862 vom 2025-07-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:10862"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15358-1 vom 2025-07-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/453Q2ZG7DSLGSOQSRYVDHQWSHZKLPFSY/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10865 vom 2025-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:10865"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15357-1 vom 2025-07-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KNGLPZCSINE52RXS4WUK4V3G23AG77LX/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10866 vom 2025-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:10866"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:10868 vom 2025-07-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:10868"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15362-1 vom 2025-07-21",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VVXHASFDSYT4YOX6UDCB7YID22NCJ66G/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4248 vom 2025-07-23",
        "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00011.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7668-1 vom 2025-07-25",
        "url": "https://ubuntu.com/security/notices/USN-7668-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7669-1 vom 2025-07-25",
        "url": "https://ubuntu.com/security/notices/USN-7669-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7672-1 vom 2025-07-28",
        "url": "https://ubuntu.com/security/notices/USN-7672-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7673-1 vom 2025-07-28",
        "url": "https://ubuntu.com/security/notices/USN-7673-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15390-1 vom 2025-07-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7H7XWA5W6BW245PBOIWOLBE2BLEIN6FI/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7674-1 vom 2025-07-29",
        "url": "https://ubuntu.com/security/notices/USN-7674-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7667-1 vom 2025-07-29",
        "url": "https://ubuntu.com/security/notices/USN-7667-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15391-1 vom 2025-07-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3YGILFYUGSJBMX6XUS3DCORELUTENSOY/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15392-1 vom 2025-07-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2BNOLDILAQY4FCCIW4HNDPZ7EHWJ3XM5/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-10862 vom 2025-07-29",
        "url": "https://linux.oracle.com/errata/ELSA-2025-10862.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02545-1 vom 2025-07-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021987.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-10873 vom 2025-07-30",
        "url": "http://linux.oracle.com/errata/ELSA-2025-10873.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2940 vom 2025-07-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2940.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2936 vom 2025-07-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2936.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02563-1 vom 2025-07-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021993.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241226 vom 2025-07-31",
        "url": "https://www.ibm.com/support/pages/node/7241226"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241306 vom 2025-08-01",
        "url": "https://www.ibm.com/support/pages/node/7241306"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2956 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2956.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2025-020 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-2025-020.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02657-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TO75LIYWPLPTZF6IA3K6IZNLY4O5NFM7/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02666-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DULM7FV7WTXEDWKUTXKMNK2TCHADYPSC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02667-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BCCQGVXFXURHFPSAYKM7LURL37W2CYIM/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241769 vom 2025-08-07",
        "url": "https://www.ibm.com/support/pages/node/7241769"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-10861 vom 2025-08-09",
        "url": "https://linux.oracle.com/errata/ELSA-2025-10861.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241933 vom 2025-08-11",
        "url": "https://www.ibm.com/support/pages/node/7241933"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13656 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13656"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7690-1 vom 2025-08-12",
        "url": "https://ubuntu.com/security/notices/USN-7690-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13675 vom 2025-08-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:13675"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5972 vom 2025-08-12",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00136.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-13T06:22:14.130+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1569",
      "initial_release_date": "2025-07-15T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-15T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2025-07-17T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-07-20T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE und Red Hat aufgenommen"
        },
        {
          "date": "2025-07-21T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-07-22T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-07-24T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-27T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-28T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von openSUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
        },
        {
          "date": "2025-07-30T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-07-31T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-03T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-08-07T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-10T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-08-11T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.462.08.1",
                "product": {
                  "name": "Amazon Corretto \u003c8.462.08.1",
                  "product_id": "T045421"
                }
              },
              {
                "category": "product_version",
                "name": "8.462.08.1",
                "product": {
                  "name": "Amazon Corretto 8.462.08.1",
                  "product_id": "T045421-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:8.462.08.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.28.6.1",
                "product": {
                  "name": "Amazon Corretto \u003c11.0.28.6.1",
                  "product_id": "T045422"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.28.6.1",
                "product": {
                  "name": "Amazon Corretto 11.0.28.6.1",
                  "product_id": "T045422-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:11.0.28.6.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Corretto"
          },
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Azul Zulu",
            "product": {
              "name": "Azul Zulu",
              "product_id": "T036273",
              "product_identification_helper": {
                "cpe": "cpe:/a:azul:zulu:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Azul"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.8.50",
                "product": {
                  "name": "IBM Java \u003c8.0.8.50",
                  "product_id": "T045831"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.50",
                "product": {
                  "name": "IBM Java 8.0.8.50",
                  "product_id": "T045831-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:jre:8.0.8.50"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0.462.0",
                "product": {
                  "name": "IBM Semeru Runtime \u003c8.0.462.0",
                  "product_id": "T045792"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.462.0",
                "product": {
                  "name": "IBM Semeru Runtime 8.0.462.0",
                  "product_id": "T045792-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:8.0.462.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.28.0",
                "product": {
                  "name": "IBM Semeru Runtime \u003c11.0.28.0",
                  "product_id": "T045793"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.28.0",
                "product": {
                  "name": "IBM Semeru Runtime 11.0.28.0",
                  "product_id": "T045793-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:11.0.28.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c17.0.16.0",
                "product": {
                  "name": "IBM Semeru Runtime \u003c17.0.16.0",
                  "product_id": "T045794"
                }
              },
              {
                "category": "product_version",
                "name": "17.0.16.0",
                "product": {
                  "name": "IBM Semeru Runtime 17.0.16.0",
                  "product_id": "T045794-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:17.0.16.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c21.0.8.0",
                "product": {
                  "name": "IBM Semeru Runtime \u003c21.0.8.0",
                  "product_id": "T045795"
                }
              },
              {
                "category": "product_version",
                "name": "21.0.8.0",
                "product": {
                  "name": "IBM Semeru Runtime 21.0.8.0",
                  "product_id": "T045795-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:semeru_runtime:21.0.8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Semeru Runtime"
          },
          {
            "category": "product_name",
            "name": "IBM WebSphere Application Server",
            "product": {
              "name": "IBM WebSphere Application Server",
              "product_id": "T000377",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:websphere_application_server:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Service Registry and Repository 8.5",
                  "product_id": "306235",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:8.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Service Registry and Repository"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenJDK",
            "product": {
              "name": "Open Source OpenJDK",
              "product_id": "580789",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:openjdk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for JDK 17.0.15",
                "product": {
                  "name": "Oracle GraalVM for JDK 17.0.15",
                  "product_id": "T045416",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:for_jdk_17.0.15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for JDK 21.0.7",
                "product": {
                  "name": "Oracle GraalVM for JDK 21.0.7",
                  "product_id": "T045417",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:for_jdk_21.0.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for JDK 24.0.1",
                "product": {
                  "name": "Oracle GraalVM for JDK 24.0.1",
                  "product_id": "T045418",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:for_jdk_24.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Enterprise Edition 21.3.14",
                "product": {
                  "name": "Oracle GraalVM Enterprise Edition 21.3.14",
                  "product_id": "T045419",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:graalvm:enterprise_edition_21.3.14"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "GraalVM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.0.27",
                "product": {
                  "name": "Oracle Java SE 11.0.27",
                  "product_id": "T045386",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.15",
                "product": {
                  "name": "Oracle Java SE 17.0.15",
                  "product_id": "T045387",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:17.0.15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.7",
                "product": {
                  "name": "Oracle Java SE 21.0.7",
                  "product_id": "T045388",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.0.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.0.1",
                "product": {
                  "name": "Oracle Java SE 24.0.1",
                  "product_id": "T045389",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:24.0.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u451-perf",
                "product": {
                  "name": "Oracle Java SE 8u451-perf",
                  "product_id": "T045415",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u451-perf"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-23166",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-23166"
    },
    {
      "cve": "CVE-2025-24855",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-24855"
    },
    {
      "cve": "CVE-2025-27113",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-27113"
    },
    {
      "cve": "CVE-2025-30749",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-30749"
    },
    {
      "cve": "CVE-2025-30752",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-30752"
    },
    {
      "cve": "CVE-2025-30754",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-30754"
    },
    {
      "cve": "CVE-2025-30761",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-30761"
    },
    {
      "cve": "CVE-2025-50059",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-50059"
    },
    {
      "cve": "CVE-2025-50063",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-50063"
    },
    {
      "cve": "CVE-2025-50065",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-50065"
    },
    {
      "cve": "CVE-2025-50106",
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T000377",
          "398363",
          "T045387",
          "T045386",
          "T045389",
          "T045422",
          "T045388",
          "T045421",
          "T045831",
          "T045415",
          "T036273",
          "2951",
          "T002207",
          "T045417",
          "T045416",
          "T000126",
          "T045419",
          "580789",
          "T045418",
          "T027843",
          "T045792",
          "T045794",
          "T045793",
          "306235",
          "T045795"
        ]
      },
      "release_date": "2025-07-15T22:00:00.000+00:00",
      "title": "CVE-2025-50106"
    }
  ]
}

CVE-2025-50059 (GCVE-0-2025-50059)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 14:42

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

Vendor

Product

Version

►

Oracle Corporation

Oracle Java SE

Version: 8u451-perf
Version: 11.0.27
Version: 17.0.15
Version: 21.0.7
Version: 24.0.1

	Oracle Corporation	Oracle GraalVM for JDK	Version: 17.0.15 Version: 21.0.7 Version: 24.0.1
	Oracle Corporation	Oracle GraalVM Enterprise Edition	Version: 21.3.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T14:42:42.641388Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T14:42:45.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u451-perf"
            },
            {
              "status": "affected",
              "version": "11.0.27"
            },
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.14"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.27:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.14:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and  24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:33.672Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50059",
    "datePublished": "2025-07-15T19:27:33.672Z",
    "dateReserved": "2025-06-11T22:56:56.108Z",
    "dateUpdated": "2025-07-16T14:42:45.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-23166 (GCVE-0-2025-23166)

Vulnerability from cvelistv5

Published

2025-05-19 01:25

Modified

2025-05-28 00:07

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

References

►

URL

Tags

https://nodejs.org/en/blog/vulnerability/may-2025-security-releases

Impacted products

	Vendor	Product	Version
	nodejs	node	Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 18.0 ≤ Version: 19.0 ≤ Version: 20.0 ≤ 20.19.1 Version: 22.0 ≤ 22.15.0 Version: 23.0 ≤ 23.11.0 Version: 24.0 ≤ 24.0.1 Version: 21.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23166",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-19T14:11:17.877460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-248",
                "description": "CWE-248 Uncaught Exception",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-19T14:13:24.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "node",
          "vendor": "nodejs",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.*",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "20.19.1",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "22.15.0",
              "status": "affected",
              "version": "22.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "23.11.0",
              "status": "affected",
              "version": "23.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "24.0.1",
              "status": "affected",
              "version": "24.0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.*",
              "status": "affected",
              "version": "21.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T00:07:12.640Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2025-23166",
    "datePublished": "2025-05-19T01:25:08.462Z",
    "dateReserved": "2025-01-12T01:00:00.648Z",
    "dateUpdated": "2025-05-28T00:07:12.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-50065 (GCVE-0-2025-50065)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 15:48

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK.

Summary

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle GraalVM for JDK	Version: 24.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50065",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T15:47:59.759732Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T15:48:24.975Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image).   The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:36.134Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50065",
    "datePublished": "2025-07-15T19:27:36.134Z",
    "dateReserved": "2025-06-11T22:56:56.109Z",
    "dateUpdated": "2025-07-16T15:48:24.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30752 (GCVE-0-2025-30752)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 15:33

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

Vendor

Product

Version

►

Oracle Corporation

Oracle Java SE

Version: 24.0.1

Oracle Corporation

Oracle GraalVM for JDK

Version: 24.0.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T15:33:02.452150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T15:33:06.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).   The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:29.996Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30752",
    "datePublished": "2025-07-15T19:27:29.996Z",
    "dateReserved": "2025-03-26T05:52:18.813Z",
    "dateUpdated": "2025-07-16T15:33:06.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24855 (GCVE-0-2025-24855)

Vulnerability from cvelistv5

Published

2025-03-14 00:00

Modified

2025-08-02 03:55

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

References

►

URL

Tags

https://gitlab.gnome.org/GNOME/libxslt/-/issues/128

Impacted products

	Vendor	Product	Version
	xmlsoft	libxslt	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24855",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-02T03:55:44.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libxslt",
          "vendor": "xmlsoft",
          "versions": [
            {
              "lessThan": "1.1.43",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.1.43",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T01:12:30.912Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/128"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-24855",
    "datePublished": "2025-03-14T00:00:00.000Z",
    "dateReserved": "2025-01-26T00:00:00.000Z",
    "dateUpdated": "2025-08-02T03:55:44.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30761 (GCVE-0-2025-30761)

Vulnerability from cvelistv5

Published

2025-07-15 20:49

Modified

2025-07-18 14:43

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

Vendor

Product

Version

►

Oracle Corporation

Oracle Java SE

Version: 8u451
Version: 8u451-perf
Version: 11.0.27

Oracle Corporation

Oracle GraalVM Enterprise Edition

Version: 21.3.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30761",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:43:46.281794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:43:49.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u451"
            },
            {
              "status": "affected",
              "version": "8u451-perf"
            },
            {
              "status": "affected",
              "version": "11.0.27"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.14"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.27:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.14:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting).  Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and  11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T20:49:26.919Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30761",
    "datePublished": "2025-07-15T20:49:26.919Z",
    "dateReserved": "2025-03-26T05:52:18.814Z",
    "dateUpdated": "2025-07-18T14:43:49.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30754 (GCVE-0-2025-30754)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 15:31

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

Vendor

Product

Version

►

Oracle Corporation

Oracle Java SE

Version: 8u451
Version: 8u451-perf
Version: 11.0.27
Version: 17.0.15
Version: 21.0.7
Version: 24.0.1

	Oracle Corporation	Oracle GraalVM for JDK	Version: 17.0.15 Version: 21.0.7 Version: 24.0.1
	Oracle Corporation	Oracle GraalVM Enterprise Edition	Version: 21.3.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30754",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T15:31:20.330242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T15:31:23.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u451"
            },
            {
              "status": "affected",
              "version": "8u451-perf"
            },
            {
              "status": "affected",
              "version": "11.0.27"
            },
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.14"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.27:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.14:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and  24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T21:55:29.340Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30754",
    "datePublished": "2025-07-15T19:27:30.751Z",
    "dateReserved": "2025-03-26T05:52:18.813Z",
    "dateUpdated": "2025-07-16T15:31:23.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30749 (GCVE-0-2025-30749)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 03:56

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

Vendor

Product

Version

►

Oracle Corporation

Oracle Java SE

Version: 8u451
Version: 8u451-perf
Version: 11.0.27
Version: 17.0.15
Version: 21.0.7
Version: 24.0.1

	Oracle Corporation	Oracle GraalVM for JDK	Version: 17.0.15 Version: 21.0.7 Version: 24.0.1
	Oracle Corporation	Oracle GraalVM Enterprise Edition	Version: 21.3.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T03:56:13.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u451"
            },
            {
              "status": "affected",
              "version": "8u451-perf"
            },
            {
              "status": "affected",
              "version": "11.0.27"
            },
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.14"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.27:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.14:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D).  Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and  24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:28.680Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30749",
    "datePublished": "2025-07-15T19:27:28.680Z",
    "dateReserved": "2025-03-26T05:52:18.812Z",
    "dateUpdated": "2025-07-16T03:56:13.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-50063 (GCVE-0-2025-50063)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 18:14

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE.

Summary

Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle Java SE	Version: 8u451

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T03:56:16.389251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T13:05:03.915Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u451"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in Oracle Java SE (component: Install).   The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T18:14:27.082Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50063",
    "datePublished": "2025-07-15T19:27:35.383Z",
    "dateReserved": "2025-06-11T22:56:56.109Z",
    "dateUpdated": "2025-07-16T18:14:27.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-50106 (GCVE-0-2025-50106)

Vulnerability from cvelistv5

Published

2025-07-15 19:27

Modified

2025-07-16 03:56

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

►

URL

Tags

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

Impacted products

Vendor

Product

Version

►

Oracle Corporation

Oracle Java SE

Version: 8u451
Version: 8u451-perf
Version: 11.0.27
Version: 17.0.15
Version: 21.0.7
Version: 24.0.1

	Oracle Corporation	Oracle GraalVM for JDK	Version: 17.0.15 Version: 21.0.7 Version: 24.0.1
	Oracle Corporation	Oracle GraalVM Enterprise Edition	Version: 21.3.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50106",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T03:56:14.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u451"
            },
            {
              "status": "affected",
              "version": "8u451-perf"
            },
            {
              "status": "affected",
              "version": "11.0.27"
            },
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.15"
            },
            {
              "status": "affected",
              "version": "21.0.7"
            },
            {
              "status": "affected",
              "version": "24.0.1"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.14"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.27:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.15:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.14:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D).  Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and  24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:51.820Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50106",
    "datePublished": "2025-07-15T19:27:51.820Z",
    "dateReserved": "2025-06-11T22:56:56.114Z",
    "dateUpdated": "2025-07-16T03:56:14.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27113 (GCVE-0-2025-27113)

Vulnerability from cvelistv5

Published

2025-02-18 00:00

Modified

2025-03-07 00:10

Severity ?

2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-476 - NULL Pointer Dereference

Summary

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

References

►

URL

Tags

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

Impacted products

	Vendor	Product	Version
	xmlsoft	libxml2	Version: 0 ≤ Version: 2.13.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:33:43.940899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:34:14.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-07T00:10:52.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250306-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libxml2",
          "vendor": "xmlsoft",
          "versions": [
            {
              "lessThan": "2.12.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.12.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.13.6",
                  "versionStartIncluding": "2.13.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-18T22:29:44.033Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-27113",
    "datePublished": "2025-02-18T00:00:00.000Z",
    "dateReserved": "2025-02-18T00:00:00.000Z",
    "dateUpdated": "2025-03-07T00:10:52.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-1569

Vulnerability from csaf_certbund

CVE-2025-50059 (GCVE-0-2025-50059)

Vulnerability from cvelistv5

CVE-2025-23166 (GCVE-0-2025-23166)

Vulnerability from cvelistv5

CVE-2025-50065 (GCVE-0-2025-50065)

Vulnerability from cvelistv5

CVE-2025-30752 (GCVE-0-2025-30752)

Vulnerability from cvelistv5

CVE-2025-24855 (GCVE-0-2025-24855)

Vulnerability from cvelistv5

CVE-2025-30761 (GCVE-0-2025-30761)

Vulnerability from cvelistv5

CVE-2025-30754 (GCVE-0-2025-30754)

Vulnerability from cvelistv5

CVE-2025-30749 (GCVE-0-2025-30749)

Vulnerability from cvelistv5

CVE-2025-50063 (GCVE-0-2025-50063)

Vulnerability from cvelistv5

CVE-2025-50106 (GCVE-0-2025-50106)

Vulnerability from cvelistv5

CVE-2025-27113 (GCVE-0-2025-27113)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature