PT-2025-29615 · Oracle+10 · Java Se 8U451-Perf+19

Violeta Georgieva · Published 2025-07-15 · Updated 2026-06-12 · CVE-2025-50059

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 8u451-perf through 8u451-perf
Oracle Java SE versions 11.0.27
Oracle Java SE versions 17.0.15
Oracle Java SE versions 21.0.7
Oracle Java SE versions 24.0.1
Oracle GraalVM for JDK versions 17.0.15
Oracle GraalVM for JDK versions 21.0.7
Oracle GraalVM for JDK versions 24.0.1
Oracle GraalVM Enterprise Edition versions 21.3.14

Description

A vulnerability exists within the Networking component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. This issue allows an unauthenticated attacker with network access to compromise the affected products via multiple protocols. Successful exploitation may lead to unauthorized access to critical data or complete access to all accessible data. This vulnerability primarily affects Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or applets. It does not typically impact server-side deployments running only trusted code.

Recommendations

Oracle Java SE versions prior to 8u451-perf
Oracle Java SE versions prior to 11.0.27
Oracle Java SE versions prior to 17.0.15
Oracle Java SE versions prior to 21.0.7
Oracle Java SE versions prior to 24.0.1
Oracle GraalVM for JDK versions prior to 17.0.15
Oracle GraalVM for JDK versions prior to 21.0.7
Oracle GraalVM for JDK versions prior to 24.0.1
Oracle GraalVM Enterprise Edition versions prior to 21.3.14

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

ALSA-2025:10867
ALSA-2025:10873
ALT-PU-2025-9433
ALT-PU-2025-9439
ALT-PU-2025-9466
ALT-PU-2025-9565
ALT-PU-2025-9567
ALT-PU-2025-9569
ALT-PU-2025-9571
ALT-PU-2025-9575
BDU:2025-08906
BIT-JAVA-2025-50059
BIT-JAVA-MIN-2025-50059
BIT-JRE-2025-50059
CESA-2025_10867
CESA-2025_10873
CVE-2025-50059
DLA-4248-1
DLA-4275-1
DSA-5972-1
INFSA-2025_10867
INFSA-2025_10873
MGASA-2025-0233
OPENSUSE-SU-2025:15356-1
OPENSUSE-SU-2025:15357-1
OPENSUSE-SU-2025:15358-1
OPENSUSE-SU-2025:15362-1
OPENSUSE-SU-2025:15391-1
OPENSUSE-SU-2025:15393-1
OPENSUSE-SU-2026:20943-1
OPENSUSE-SU-2026:20947-1
RHSA-2025:10865
RHSA-2025:10867
RHSA-2025:10873
RHSA-2025:13656
RHSA-2025_10867
RHSA-2025_10873
SUSE-SU-2025:02545-1
SUSE-SU-2025:02563-1
SUSE-SU-2025:02657-1
SUSE-SU-2025:02666-1
SUSE-SU-2025:02667-1
SUSE-SU-2025:03236-1
SUSE-SU-2025:03262-1
SUSE-SU-2025_02563-1
SUSE-SU-2025_02657-1
SUSE-SU-2025_02666-1
SUSE-SU-2025_02667-1
SUSE-SU-2025_03236-1
SUSE-SU-2025_03262-1
USN-7668-1
USN-7669-1
USN-7672-1
USN-7673-1
USN-7674-1
USN-7690-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Graalvm Enterprise Edition 21.3.14
Graalvm For Jdk 17.0.15
Graalvm For Jdk 21.0.7
Graalvm For Jdk 24.0.1
Java Platform
Java Se 11.0.27
Java Se 17.0.15
Java Se 21.0.7
Java Se 24.0.1
Java Se 8U451-Perf
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu