CVE-2025-53057

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25 Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 Oracle GraalVM Enterprise Edition version 21.3.15

Description A difficult to exploit issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via multiple protocols can compromise the software. Successful attacks may result in unauthorized creation, deletion, or modification of critical data. The issue can be exploited by using APIs, for example, through a web service supplying data to the APIs. It also affects Java deployments that load and run untrusted code, relying on the Java sandbox for security.

Recommendations Update to a version later than Oracle Java SE 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, and 25. Update to a version later than Oracle GraalVM for JDK 17.0.16 and 21.0.8. Update to a version later than Oracle GraalVM Enterprise Edition 21.3.15.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALSA-2025:18815

ALSA-2025:18821

ALSA-2025:18824

ALT-PU-2025-13824

ALT-PU-2025-13831

ALT-PU-2025-13841

ALT-PU-2025-13843

ALT-PU-2025-13849

ALT-PU-2025-13860

ALT-PU-2025-13901

ALT-PU-2025-14035

ALT-PU-2025-14037

ALT-PU-2025-14082

ALT-PU-2025-14086

BDU:2025-14035

BIT-JAVA-2025-53057

BIT-JAVA-MIN-2025-53057

BIT-JRE-2025-53057

CESA-2025_18815

CESA-2025_18821

CESA-2025_18824

CESA-2025_22370

CLEANSTART-2026-FN12833

CVE-2025-53057

DLA-4345-1

DLA-4346-1

DSA-6037-1

DSA-6038-1

DSA-6039-1

INFSA-2025_18815

INFSA-2025_18821

INFSA-2025_18824

MGASA-2025-0268

OPENSUSE-SU-2025:15660-1

OPENSUSE-SU-2025:15661-1

OPENSUSE-SU-2025:15670-1

OPENSUSE-SU-2025:15674-1

OPENSUSE-SU-2025:15690-1

OPENSUSE-SU-2025:15691-1

OPENSUSE-SU-2025:15692-1

OPENSUSE-SU-2025:15693-1

OPENSUSE-SU-2025:15694-1

OPENSUSE-SU-2025:15701-1

OPENSUSE-SU-2025:20123-1

OPENSUSE-SU-2025:20125-1

RHSA-2025:18814

RHSA-2025:18815

RHSA-2025:18818

RHSA-2025:18821

RHSA-2025:18824

RHSA-2025:21485

RHSA-2025:22370

RHSA-2025:22672

RHSA-2025_18815

RHSA-2025_18821

RHSA-2025_18824

SUSE-SU-2025:21162-1

SUSE-SU-2025:21164-1

SUSE-SU-2025:3835-1

SUSE-SU-2025:3859-1

SUSE-SU-2025:3964-1

SUSE-SU-2025:3965-1

SUSE-SU-2025:3996-1

SUSE-SU-2025:3997-1

SUSE-SU-2025:4005-1

SUSE-SU-2025:4038-1

SUSE-SU-2025:4039-1

SUSE-SU-2025:4287-1

SUSE-SU-2025_21162-1

SUSE-SU-2025_21164-1

SUSE-SU-2025_3835-1

SUSE-SU-2025_3859-1

SUSE-SU-2025_3964-1

SUSE-SU-2025_3965-1

SUSE-SU-2025_3996-1

SUSE-SU-2025_3997-1

SUSE-SU-2025_4038-1

SUSE-SU-2025_4039-1

SUSE-SU-2025_4287-1

USN-7881-1

USN-7882-1

USN-7883-1

USN-7884-1

USN-7885-1

USN-7900-1

USN-7901-1

USN-7902-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Java Platform

Linuxmint

Oracle Graalvm Enterprise Edition

Oracle Graalvm For Jdk

Oracle Java Se

Red Hat

Red Os

Suse

Ubuntu

CVE-2025-53057

Weakness Enumeration

Related Identifiers

Affected Products

References · 123