PT-2025-42963 · Oracle+9 · Oracle Java Se 8U461-Perf+18

Published

2025-01-01

·

Updated

2026-05-08

·

CVE-2025-53066

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25 Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 Oracle GraalVM Enterprise Edition version 21.3.15
Description An issue exists in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products, specifically within the JAXP component. This allows an unauthenticated attacker with network access, via multiple protocols, to compromise the software. Successful exploitation can lead to unauthorized access to critical data or complete access to all accessible data. The issue can be exploited by using APIs in the JAXP component, such as through a web service supplying data to these APIs. It also affects Java deployments that load and run untrusted code, relying on the Java sandbox for security.
Recommendations Oracle Java SE version 8u461 Oracle Java SE version 8u461-perf Oracle Java SE version 11.0.28 Oracle Java SE version 17.0.16 Oracle Java SE version 21.0.8 Oracle Java SE version 25 Oracle GraalVM for JDK version 17.0.16 Oracle GraalVM for JDK version 21.0.8 Oracle GraalVM Enterprise Edition version 21.3.15 At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2025:18815
ALSA-2025:18821
ALSA-2025:18824
ALT-PU-2025-13824
ALT-PU-2025-13831
ALT-PU-2025-13841
ALT-PU-2025-13843
ALT-PU-2025-13849
ALT-PU-2025-13860
ALT-PU-2025-13901
ALT-PU-2025-14035
ALT-PU-2025-14037
ALT-PU-2025-14082
ALT-PU-2025-14086
BDU:2025-13795
BIT-JAVA-2025-53066
BIT-JAVA-MIN-2025-53066
BIT-JRE-2025-53066
CESA-2025_18815
CESA-2025_18821
CESA-2025_18824
CESA-2025_22370
CLEANSTART-2026-FN12833
CVE-2025-53066
DLA-4345-1
DLA-4346-1
DSA-6037-1
DSA-6038-1
DSA-6039-1
INFSA-2025_18815
INFSA-2025_18821
INFSA-2025_18824
MGASA-2025-0268
OPENSUSE-SU-2025:15660-1
OPENSUSE-SU-2025:15661-1
OPENSUSE-SU-2025:15670-1
OPENSUSE-SU-2025:15674-1
OPENSUSE-SU-2025:15701-1
OPENSUSE-SU-2025:20123-1
OPENSUSE-SU-2025:20125-1
RHSA-2025_18815
RHSA-2025_18821
RHSA-2025_18824
SUSE-SU-2025:21162-1
SUSE-SU-2025:21164-1
SUSE-SU-2025:3835-1
SUSE-SU-2025:3859-1
SUSE-SU-2025:3964-1
SUSE-SU-2025:3965-1
SUSE-SU-2025:3996-1
SUSE-SU-2025:3997-1
SUSE-SU-2025:4005-1
SUSE-SU-2025:4038-1
SUSE-SU-2025:4039-1
SUSE-SU-2025:4287-1
USN-7881-1
USN-7882-1
USN-7883-1
USN-7884-1
USN-7885-1
USN-7900-1
USN-7901-1
USN-7902-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Java Platform
Linuxmint
Oracle Graalvm Enterprise Edition 21.3.15
Oracle Graalvm For Jdk 17.0.16
Oracle Graalvm For Jdk 21.0.8
Oracle Java Se 11.0.28
Oracle Java Se 17.0.16
Oracle Java Se 21.0.8
Oracle Java Se 25
Oracle Java Se 8U461
Oracle Java Se 8U461-Perf
Red Hat
Red Os
Suse
Ubuntu