CVE-2025-50106

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1 Oracle GraalVM for JDK versions 17.0.15, 21.0.7, 24.0.1 Oracle GraalVM Enterprise Edition version 21.3.14

Description A difficult-to-exploit issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (component: 2D). An unauthenticated attacker with network access via multiple protocols can compromise the affected products. Successful exploitation can lead to a takeover of the system. The issue can be exploited by using APIs in the specified component, such as through a web service supplying data to the APIs. This also applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security.

Recommendations Oracle Java SE version 8u451 Oracle Java SE version 8u451-perf Oracle Java SE version 11.0.27 Oracle Java SE version 17.0.15 Oracle Java SE version 21.0.7 Oracle Java SE version 24.0.1 Oracle GraalVM for JDK version 17.0.15 Oracle GraalVM for JDK version 21.0.7 Oracle GraalVM for JDK version 24.0.1 Oracle GraalVM Enterprise Edition version 21.3.14

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025:10862

ALSA-2025:10867

ALSA-2025:10873

ALT-PU-2025-9433

ALT-PU-2025-9439

ALT-PU-2025-9466

ALT-PU-2025-9472

ALT-PU-2025-9553

ALT-PU-2025-9565

ALT-PU-2025-9567

ALT-PU-2025-9569

ALT-PU-2025-9571

ALT-PU-2025-9573

ALT-PU-2025-9575

BDU:2025-08709

BIT-JAVA-2025-50106

BIT-JAVA-MIN-2025-50106

BIT-JRE-2025-50106

CESA-2025_10862

CESA-2025_10867

CESA-2025_10873

CESA-2025_13675

CVE-2025-50106

DLA-4248-1

DLA-4275-1

DSA-5972-1

INFSA-2025_10862

INFSA-2025_10867

INFSA-2025_10873

MGASA-2025-0233

OPENSUSE-SU-2025:15356-1

OPENSUSE-SU-2025:15357-1

OPENSUSE-SU-2025:15358-1

OPENSUSE-SU-2025:15362-1

OPENSUSE-SU-2025:15390-1

OPENSUSE-SU-2025:15532-1

RHSA-2025:10861

RHSA-2025:10862

RHSA-2025:10865

RHSA-2025:10867

RHSA-2025:10873

RHSA-2025:13656

RHSA-2025:13675

RHSA-2025_10862

RHSA-2025_10867

RHSA-2025_10873

RHSA-2025_13675

SUSE-SU-2025:02563-1

SUSE-SU-2025:02657-1

SUSE-SU-2025:02666-1

SUSE-SU-2025:02667-1

SUSE-SU-2025:03120-1

SUSE-SU-2025:03224-1

SUSE-SU-2025:03236-1

SUSE-SU-2025:03262-1

SUSE-SU-2025_02563-1

SUSE-SU-2025_02657-1

SUSE-SU-2025_02666-1

SUSE-SU-2025_02667-1

SUSE-SU-2025_03120-1

SUSE-SU-2025_03224-1

SUSE-SU-2025_03236-1

SUSE-SU-2025_03262-1

USN-7667-1

USN-7668-1

USN-7669-1

USN-7672-1

USN-7673-1

USN-7674-1

USN-7690-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Java Platform

Linuxmint

Oracle Graalvm Enterprise Edition 21.3.14

Oracle Graalvm For Jdk 17.0.15

Oracle Graalvm For Jdk 21.0.7

Oracle Graalvm For Jdk 24.0.1

Oracle Java Se 11.0.27

Oracle Java Se 17.0.15

Oracle Java Se 21.0.7

Oracle Java Se 24.0.1

Oracle Java Se 8U451

Oracle Java Se 8U451-Perf

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-50106

Weakness Enumeration

Related Identifiers

Affected Products

References · 114