CVE-2025-30761

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u451 and 8u451-perf Oracle Java SE version 11.0.27 Oracle GraalVM Enterprise Edition version 21.3.14

Description A difficult-to-exploit issue exists in the Scripting component of Oracle Java SE and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via multiple protocols can compromise the software. Successful attacks may result in unauthorized creation, deletion, or modification of critical data. This issue can be exploited through APIs, such as those exposed via a web service. It also affects Java deployments that load and run untrusted code relying on the Java sandbox for security.

Recommendations Oracle Java SE version 8u451: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Oracle Java SE version 8u451-perf: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Oracle Java SE version 11.0.27: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Oracle GraalVM Enterprise Edition version 21.3.14: At the moment, there is no information about a newer version that contains a fix for this vulnerability.