PT-2025-42970 · Oracle+8 · Oracle Java Se+11

Published: 2025-01-01 · Updated: 2026-05-08 · CVE-2025-61748

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 21.0.8 and 25
Oracle GraalVM for JDK version 21.0.8
Oracle GraalVM Enterprise Edition version 21.3.15

Description

A difficult-to-exploit issue exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically within the Libraries component. An unauthenticated attacker with network access via multiple protocols can compromise the software. Successful exploitation may lead to unauthorized modification of data accessible to Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The issue can be exploited through APIs, such as via a web service supplying data to these APIs. It also affects Java deployments that load and run untrusted code, relying on the Java sandbox for security.

Recommendations

Update Oracle Java SE to a version later than 21.0.8 and 25.
Update Oracle GraalVM for JDK to a version later than 21.0.8.
Update Oracle GraalVM Enterprise Edition to a version later than 21.3.15.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

ALSA-2025:18824
ALT-PU-2025-13843
ALT-PU-2025-14086
BDU:2025-14036
BIT-JAVA-2025-61748
BIT-JAVA-MIN-2025-61748
BIT-JRE-2025-61748
CESA-2025_18824
CVE-2025-61748
DSA-6037-1
DSA-6039-1
INFSA-2025_18824
OPENSUSE-SU-2025:15670-1
OPENSUSE-SU-2025:15674-1
OPENSUSE-SU-2025:15693-1
OPENSUSE-SU-2025:15694-1
OPENSUSE-SU-2025:20123-1
RHSA-2025_18824
SUSE-SU-2025:21162-1
SUSE-SU-2025:3859-1
SUSE-SU-2025:3964-1
SUSE-SU-2025:3965-1
SUSE-SU-2025:4287-1
USN-7884-1
USN-7885-1
USN-7901-1
USN-7902-1

Affected Products

Alt Linux
Almalinux
Centos
Java Platform
Linuxmint
Oracle Graalvm Enterprise Edition
Oracle Graalvm For Jdk
Oracle Java Se
Red Hat
Red Os
Suse
Ubuntu