PT-2025-42977 · Oracle · Graalvm For Jdk 21.0.8+1

Published 2025-10-14 · Updated 2025-10-27 · CVE-2025-61755

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle GraalVM for JDK versions 17.0.16 and 21.0.8

Description

A difficult to exploit issue exists in the Oracle GraalVM for JDK product of Oracle Java SE, specifically within the Compiler component. An unauthenticated attacker with network access, utilizing multiple protocols, may be able to compromise the system and gain unauthorized read access to a subset of Oracle GraalVM for JDK data.

Recommendations

Update Oracle GraalVM for JDK version 17.0.16 to a newer, fixed version. Update Oracle GraalVM for JDK version 21.0.8 to a newer, fixed version.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2025-14034
CVE-2025-61755

Affected Products

Graalvm For Jdk 17.0.16
Graalvm For Jdk 21.0.8