PT-2025-42954 · Oracle+9 · Oracle Graalvm For Jdk+12
CVE-2025-53057
·
Publicado
2025-01-01
·
Atualizado
2026-06-12
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25
Oracle GraalVM for JDK versions 17.0.16 and 21.0.8
Oracle GraalVM Enterprise Edition version 21.3.15
Description
A difficult to exploit issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via multiple protocols can compromise the software. Successful attacks may result in unauthorized creation, deletion, or modification of critical data. The issue can be exploited by using APIs, for example, through a web service supplying data to the APIs. It also affects Java deployments that load and run untrusted code, relying on the Java sandbox for security.
Recommendations
Update to a version later than Oracle Java SE 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, and 25.
Update to a version later than Oracle GraalVM for JDK 17.0.16 and 21.0.8.
Update to a version later than Oracle GraalVM Enterprise Edition 21.3.15.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Almalinux
Centos
Debian
Java Platform
Linuxmint
Oracle Graalvm Enterprise Edition
Oracle Graalvm For Jdk
Oracle Java Se
Red Hat
Red Os
Suse
Ubuntu