PT-2025-29601 · Oracle+10 · Oracle Java Se+13
Published: 2025-07-15 · Updated: 2026-05-08
CVE-2025-30749
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions prior to 8u451
Oracle GraalVM for JDK versions prior to 17.0.15
Oracle GraalVM Enterprise Edition versions prior to 21.3.14
Oracle Java SE versions 11.0.27
Oracle Java SE versions 17.0.15
Oracle Java SE versions 21.0.7
Oracle Java SE versions 24.0.1
Oracle GraalVM for JDK versions 17.0.15
Oracle GraalVM for JDK versions 21.0.7
Oracle GraalVM for JDK versions 24.0.1
Oracle GraalVM Enterprise Edition versions 21.3.14
Description
This issue affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. It is a difficult-to-exploit vulnerability that allows an unauthenticated attacker with network access via multiple protocols to compromise the affected products. Successful attacks can result in a complete system takeover. This vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or Java applets. It does not apply to deployments that run only trusted code.
Recommendations
Update Oracle Java SE to a version later than 8u451.
Update Oracle GraalVM for JDK to a version later than 17.0.15.
Update Oracle GraalVM Enterprise Edition to a version later than 21.3.14.
Update Oracle Java SE to a version later than 11.0.27.
Update Oracle Java SE to a version later than 17.0.15.
Update Oracle Java SE to a version later than 21.0.7.
Update Oracle Java SE to a version later than 24.0.1.
Update Oracle GraalVM for JDK to a version later than 21.0.7.
Update Oracle GraalVM for JDK to a version later than 24.0.1.
Fix
RCE
Affected Products
Alt Linux
Almalinux
Centos
Debian
Java Platform
Linuxmint
Oracle Graalvm Enterprise Edition
Oracle Graalvm For Jdk
Oracle Java Se
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu