PT-2025-29606 · Oracle+10 · Oracle Graalvm Enterprise Edition 21.3.14+20

Mashroor Hasan Bhuiyan

·

Published

2025-07-15

·

Updated

2026-05-08

·

CVE-2025-30754

CVSS v3.1

4.8

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u451 and 8u451-perf Oracle Java SE version 11.0.27 Oracle Java SE version 17.0.15 Oracle Java SE version 21.0.7 Oracle Java SE version 24.0.1 Oracle GraalVM for JDK versions 17.0.15, 21.0.7 and 24.0.1 Oracle GraalVM Enterprise Edition version 21.3.14
Description This issue affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. A difficult-to-exploit vulnerability exists that allows an unauthenticated attacker with network access via TLS to compromise the software. Successful exploitation can lead to unauthorized modification, insertion, or deletion of data, as well as unauthorized read access to data accessible by the software. This vulnerability specifically impacts Java deployments that load and execute untrusted code within a sandbox, such as Java Web Start applications or applets. It does not affect server-side deployments running only trusted code.
Recommendations Oracle Java SE versions prior to 8u451 and 8u451-perf Oracle Java SE versions prior to 11.0.27 Oracle Java SE versions prior to 17.0.15 Oracle Java SE versions prior to 21.0.7 Oracle Java SE versions prior to 24.0.1 Oracle GraalVM for JDK versions prior to 17.0.15, 21.0.7 and 24.0.1 Oracle GraalVM Enterprise Edition versions prior to 21.3.14

Fix

RCE

Improper Access Control

Weakness Enumeration

CWE-20CWE-284

Related Identifiers

ALSA-2025:10862
ALSA-2025:10867
ALSA-2025:10873
ALT-PU-2025-9433
ALT-PU-2025-9439
ALT-PU-2025-9466
ALT-PU-2025-9472
ALT-PU-2025-9553
ALT-PU-2025-9565
ALT-PU-2025-9567
ALT-PU-2025-9569
ALT-PU-2025-9571
ALT-PU-2025-9573
ALT-PU-2025-9575
BDU:2025-09723
BIT-JAVA-2025-30754
BIT-JAVA-MIN-2025-30754
BIT-JRE-2025-30754
CESA-2025_10862
CESA-2025_10867
CESA-2025_10873
CESA-2025_13675
CVE-2025-30754
DLA-4248-1
DLA-4275-1
DSA-5972-1
INFSA-2025_10862
INFSA-2025_10867
INFSA-2025_10873
MGASA-2025-0233
OPENSUSE-SU-2025:15356-1
OPENSUSE-SU-2025:15357-1
OPENSUSE-SU-2025:15358-1
OPENSUSE-SU-2025:15362-1
OPENSUSE-SU-2025:15532-1
RHSA-2025:10861
RHSA-2025:10862
RHSA-2025:10865
RHSA-2025:10867
RHSA-2025:10873
RHSA-2025:13656
RHSA-2025:13675
RHSA-2025_10862
RHSA-2025_10867
RHSA-2025_10873
RHSA-2025_13675
SUSE-SU-2025:02545-1
SUSE-SU-2025:02563-1
SUSE-SU-2025:02657-1
SUSE-SU-2025:02666-1
SUSE-SU-2025:02667-1
SUSE-SU-2025:03120-1
SUSE-SU-2025:03224-1
SUSE-SU-2025:03236-1
SUSE-SU-2025:03262-1
SUSE-SU-2025_02563-1
SUSE-SU-2025_02657-1
SUSE-SU-2025_02666-1
SUSE-SU-2025_02667-1
SUSE-SU-2025_03120-1
SUSE-SU-2025_03224-1
SUSE-SU-2025_03236-1
SUSE-SU-2025_03262-1
USN-7667-1
USN-7668-1
USN-7669-1
USN-7672-1
USN-7673-1
USN-7674-1
USN-7690-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Java Platform
Linuxmint
Oracle Graalvm Enterprise Edition 21.3.14
Oracle Graalvm For Jdk 17.0.15
Oracle Graalvm For Jdk 21.0.7
Oracle Graalvm For Jdk 24.0.1
Oracle Java Se 11.0.27
Oracle Java Se 17.0.15
Oracle Java Se 21.0.7
Oracle Java Se 24.0.1
Oracle Java Se 8U451
Oracle Java Se 8U451-Perf
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu