cvelistv5 - cve-2025-61755

CVE-2025-61755 (GCVE-0-2025-61755)

Vulnerability from cvelistv5 – Published: 2025-10-21 20:03 – Updated: 2025-10-22 18:15

Summary

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Severity ?

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.

Assigner

oracle

References

URL

Tags

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle GraalVM for JDK	Affected: 17.0.16 Affected: 21.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T18:11:21.523044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-862",
                "description": "CWE-862 Missing Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T18:15:40.100Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.16"
            },
            {
              "status": "affected",
              "version": "21.0.8"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T20:03:10.637Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-61755",
    "datePublished": "2025-10-21T20:03:10.637Z",
    "dateReserved": "2025-09-30T19:21:55.556Z",
    "dateUpdated": "2025-10-22T18:15:40.100Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-61755\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2025-10-21T20:20:51.983\",\"lastModified\":\"2025-10-27T20:36:48.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDCE92-E161-46DC-8A2E-17EF7303DBFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29154F4D-88E2-43FA-9DDA-1DEF5F588A31\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2025.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-22T18:11:21.523044Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-22T18:15:36.215Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle GraalVM for JDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.16\"}, {\"status\": \"affected\", \"version\": \"21.0.8\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2025.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2025-10-21T20:03:10.637Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-61755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T18:15:40.100Z\", \"dateReserved\": \"2025-09-30T19:21:55.556Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2025-10-21T20:03:10.637Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-61755

Vulnerability from fkie_nvd - Published: 2025-10-21 20:20 - Updated: 2025-10-27 20:36

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2025.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	oracle	graalvm_for_jdk	17.0.16
	oracle	graalvm_for_jdk	21.0.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDCE92-E161-46DC-8A2E-17EF7303DBFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "29154F4D-88E2-43FA-9DDA-1DEF5F588A31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2025-61755",
  "lastModified": "2025-10-27T20:36:48.053",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-21T20:20:51.983",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2025-AVI-0906

Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle Java SE version 8u461-b50
Oracle	Java SE	Oracle Java SE version 25
Oracle	Java SE	Oracle Java SE version 21.0.8
Oracle	Java SE	Oracle Java SE version 17.0.16
Oracle	Java SE	Oracle Java SE version 11.0.28
Oracle	Java SE	Oracle GraalVM for JDK version 21.0.8
Oracle	Java SE	Oracle Java SE version 8u461-perf
Oracle	Java SE	Oracle GraalVM for JDK version 17.0.16
Oracle	Java SE	Oracle GraalVM Enterprise Edition version 21.3.15
Oracle	Java SE	Oracle Java SE version 8u461

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Java SE cpuoct2025

2025-10-21

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Java SE version 8u461-b50",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 25",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 21.0.8",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 17.0.16",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 11.0.28",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 21.0.8",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u461-perf",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 17.0.16",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition version 21.3.15",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u461",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31273"
    },
    {
      "name": "CVE-2025-43212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43212"
    },
    {
      "name": "CVE-2025-43240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43240"
    },
    {
      "name": "CVE-2025-43227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43227"
    },
    {
      "name": "CVE-2025-31278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31278"
    },
    {
      "name": "CVE-2025-43211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43211"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-43228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43228"
    },
    {
      "name": "CVE-2025-43265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43265"
    },
    {
      "name": "CVE-2025-43216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43216"
    },
    {
      "name": "CVE-2025-24189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24189"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-61755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61755"
    },
    {
      "name": "CVE-2025-31257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    }
  ],
  "initial_release_date": "2025-10-22T00:00:00",
  "last_revision_date": "2025-10-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0906",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuoct2025",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ]
}

CERTFR-2025-AVI-0906

Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle Java SE version 8u461-b50
Oracle	Java SE	Oracle Java SE version 25
Oracle	Java SE	Oracle Java SE version 21.0.8
Oracle	Java SE	Oracle Java SE version 17.0.16
Oracle	Java SE	Oracle Java SE version 11.0.28
Oracle	Java SE	Oracle GraalVM for JDK version 21.0.8
Oracle	Java SE	Oracle Java SE version 8u461-perf
Oracle	Java SE	Oracle GraalVM for JDK version 17.0.16
Oracle	Java SE	Oracle GraalVM Enterprise Edition version 21.3.15
Oracle	Java SE	Oracle Java SE version 8u461

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Java SE cpuoct2025

2025-10-21

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Java SE version 8u461-b50",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 25",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 21.0.8",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 17.0.16",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 11.0.28",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 21.0.8",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u461-perf",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 17.0.16",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition version 21.3.15",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u461",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31273"
    },
    {
      "name": "CVE-2025-43212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43212"
    },
    {
      "name": "CVE-2025-43240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43240"
    },
    {
      "name": "CVE-2025-43227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43227"
    },
    {
      "name": "CVE-2025-31278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31278"
    },
    {
      "name": "CVE-2025-43211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43211"
    },
    {
      "name": "CVE-2025-6558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
    },
    {
      "name": "CVE-2025-43228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43228"
    },
    {
      "name": "CVE-2025-43265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43265"
    },
    {
      "name": "CVE-2025-43216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43216"
    },
    {
      "name": "CVE-2025-24189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24189"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-61755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61755"
    },
    {
      "name": "CVE-2025-31257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    }
  ],
  "initial_release_date": "2025-10-22T00:00:00",
  "last_revision_date": "2025-10-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0906",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": "2025-10-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuoct2025",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ]
}

WID-SEC-W-2025-2365

Vulnerability from csaf_certbund - Published: 2025-10-21 22:00 - Updated: 2025-12-01 23:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2365 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2365.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2365 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2365"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Java SE vom 2025-10-21",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 11",
        "url": "https://github.com/corretto/corretto-11/blob/11.0.29.7.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 8",
        "url": "https://github.com/corretto/corretto-8/blob/8.472.08.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory vom 2025-10-21",
        "url": "https://openjdk.org/groups/vulnerability/advisories/2025-10-21"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18824 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18824"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18822 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18822"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18823 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18823"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18816 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18816"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18814 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18814"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18825 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18825"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18826 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18826"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18817 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18817"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18821 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18821"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18820 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18820"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18819 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18819"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18818 vom 2025-10-24",
        "url": "https://access.redhat.com/errata/RHSA-2025:18818"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18815 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18815"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15660-1 vom 2025-10-24",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TYBJ677VF7F4ZSMLX3GWAMXWMZMDX6TI/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4346 vom 2025-10-25",
        "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00026.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4345 vom 2025-10-25",
        "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00025.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6039 vom 2025-10-26",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00205.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15661-1 vom 2025-10-24",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5UPJO4CYYCTTODVMA4476F3K2Z7WPTBS/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6037 vom 2025-10-25",
        "url": "https://security-tracker.debian.org/tracker/DSA-6037-1"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-18824 vom 2025-10-24",
        "url": "https://linux.oracle.com/errata/ELSA-2025-18824.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20251024-0010 vom 2025-10-24",
        "url": "https://security.netapp.com/advisory/NTAP-20251024-0010"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6038 vom 2025-10-25",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00204.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-18821 vom 2025-10-24",
        "url": "https://linux.oracle.com/errata/ELSA-2025-18821.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-18815 vom 2025-10-24",
        "url": "https://linux.oracle.com/errata/ELSA-2025-18815.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-3047 vom 2025-10-27",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3047.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-3048 vom 2025-10-27",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3048.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2025-021 vom 2025-10-27",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-2025-021.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3835-1 vom 2025-10-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023072.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3859-1 vom 2025-10-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023079.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15674-1 vom 2025-10-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S4MJYY6GI4OEPCONZ5OZF6JPBI67LCPJ/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3859-1 vom 2025-10-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VMV65UKEMJ5XZGXBOOCVPAPP6DHKNBG5/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15693-1 vom 2025-11-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VU4T2GSGJ3FSMB2VQKU2AVIH5DSZ4Q7A/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7249833 vom 2025-10-31",
        "url": "https://www.ibm.com/support/pages/node/7249833"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15690-1 vom 2025-11-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OBTHACNEISJLEVENW6F2UY73GMJFQAPI/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7249834 vom 2025-10-31",
        "url": "https://www.ibm.com/support/pages/node/7249834"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15694-1 vom 2025-11-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HPNAG4GRUDNAT2AVXYGLMZTAD2X5TWNZ/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15691-1 vom 2025-11-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPFSP3HIULFUYTXM7EZVSJGRCVQF2ANT/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7250035 vom 2025-11-03",
        "url": "https://www.ibm.com/support/pages/node/7250035"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7250255 vom 2025-11-06",
        "url": "https://www.ibm.com/support/pages/node/7250255"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15701-1 vom 2025-11-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NYSZB3IXIAPQGFBTRTYOPOEOZDCFYMRH/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7250250 vom 2025-11-06",
        "url": "https://www.ibm.com/support/pages/node/7250250"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3964-1 vom 2025-11-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023167.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3965-1 vom 2025-11-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023166.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3996-1 vom 2025-11-07",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4XBO3CFLQHMPIGKNMQNDBIDRQ6ZRN6U/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:3997-1 vom 2025-11-07",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P6MDCNVOO2ZGEPCYBSDNBOEOJK3N37FG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4005-1 vom 2025-11-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRGDIRMJ63CBCCXYFXZ434NAYMNERVTW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4005-1 vom 2025-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023183.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4039-1 vom 2025-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023195.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-3072 vom 2025-11-11",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3072.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4038-1 vom 2025-11-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023196.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-18814 vom 2025-11-13",
        "url": "https://linux.oracle.com/errata/ELSA-2025-18814.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:21485 vom 2025-11-17",
        "url": "https://access.redhat.com/errata/RHSA-2025:21485"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX25-018 vom 2025-11-18",
        "url": "https://security.business.xerox.com/wp-content/uploads/2025/11/Xerox-Security-Bulletin-XRX25-018-Xerox-FreeFlow-Print-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7251920 vom 2025-11-19",
        "url": "https://www.ibm.com/support/pages/node/7251920"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2025:21485 vom 2025-11-25",
        "url": "https://errata.build.resf.org/RLSA-2025:21485"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7884-1 vom 2025-11-25",
        "url": "https://ubuntu.com/security/notices/USN-7884-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7885-1 vom 2025-11-25",
        "url": "https://ubuntu.com/security/notices/USN-7885-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22088 vom 2025-11-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:22088"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252217 vom 2025-11-25",
        "url": "https://www.ibm.com/support/pages/node/7252217"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7883-1 vom 2025-11-25",
        "url": "https://ubuntu.com/security/notices/USN-7883-1"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-132 vom 2025-11-26",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-132/index.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7882-1 vom 2025-11-25",
        "url": "https://ubuntu.com/security/notices/USN-7882-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252680 vom 2025-11-26",
        "url": "https://www.ibm.com/support/pages/node/7252680"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252724 vom 2025-11-26",
        "url": "https://www.ibm.com/support/pages/node/7252724"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:4287-1 vom 2025-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023427.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:22370 vom 2025-12-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:22370"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-438 vom 2025-12-01",
        "url": "https://www.dell.com/support/kbdoc/de-de/000397455/dsa-2025-438-security-update-for-dell-networker-runtime-environment-multiple-third-party-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7253241 vom 2025-12-01",
        "url": "https://www.ibm.com/support/pages/node/7253241"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7901-1 vom 2025-12-02",
        "url": "https://ubuntu.com/security/notices/USN-7901-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025-20123-1 vom 2025-12-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GQWF5TZM5GYGLQPAY4CY63R5SDNNGIHF/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025-20125-1 vom 2025-12-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSTB5CP5PLTZBCEI7BMNC646ZLF732WB/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7902-1 vom 2025-12-02",
        "url": "https://ubuntu.com/security/notices/USN-7902-1"
      },
      {
        "category": "external",
        "summary": "Camunda Security Notices vom 2025-12-01",
        "url": "https://docs.camunda.org/security/notices/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7900-1 vom 2025-12-02",
        "url": "https://ubuntu.com/security/notices/USN-7900-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-01T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-02T07:58:38.087+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2365",
      "initial_release_date": "2025-10-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und European Union Vulnerability Database aufgenommen"
        },
        {
          "date": "2025-10-23T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-10-26T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE, Debian, Oracle Linux und NetApp aufgenommen"
        },
        {
          "date": "2025-10-27T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-10-28T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-10-29T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und openSUSE aufgenommen"
        },
        {
          "date": "2025-11-02T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von openSUSE, IBM und IBM-APAR aufgenommen"
        },
        {
          "date": "2025-11-03T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-05T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM und openSUSE aufgenommen"
        },
        {
          "date": "2025-11-06T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-09T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-10T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE und Amazon aufgenommen"
        },
        {
          "date": "2025-11-12T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-11-16T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-11-17T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2025-11-19T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-24T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2025-11-25T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat, IBM, Ubuntu und HITACHI aufgenommen"
        },
        {
          "date": "2025-11-26T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-11-30T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-12-01T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu und openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "22"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.472.08.1",
                "product": {
                  "name": "Amazon Corretto \u003c8.472.08.1",
                  "product_id": "T048031"
                }
              },
              {
                "category": "product_version",
                "name": "8.472.08.1",
                "product": {
                  "name": "Amazon Corretto 8.472.08.1",
                  "product_id": "T048031-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:8.472.08.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.29.7.1",
                "product": {
                  "name": "Amazon Corretto \u003c11.0.29.7.1",
                  "product_id": "T048032"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.29.7.1",
                "product": {
                  "name": "Amazon Corretto 11.0.29.7.1",
                  "product_id": "T048032-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:11.0.29.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Corretto"
          },
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Runtime Environment \u003c17.0.3",
                "product": {
                  "name": "Dell NetWorker Runtime Environment \u003c17.0.3",
                  "product_id": "T048963"
                }
              },
              {
                "category": "product_version",
                "name": "Runtime Environment 17.0.3",
                "product": {
                  "name": "Dell NetWorker Runtime Environment 17.0.3",
                  "product_id": "T048963-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:runtime_environment__17.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Runtime Environment \u003c8.0.27",
                "product": {
                  "name": "Dell NetWorker Runtime Environment \u003c8.0.27",
                  "product_id": "T048964"
                }
              },
              {
                "category": "product_version",
                "name": "Runtime Environment 8.0.27",
                "product": {
                  "name": "Dell NetWorker Runtime Environment 8.0.27",
                  "product_id": "T048964-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:runtime_environment__8.0.27"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T038839",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T020304",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T038840",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM App Connect Enterprise",
            "product": {
              "name": "IBM App Connect Enterprise",
              "product_id": "T032495",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Integration Bus",
            "product": {
              "name": "IBM Integration Bus",
              "product_id": "T011169",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:integration_bus:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.1.5.28",
                "product": {
                  "name": "IBM Java \u003c7.1.5.28",
                  "product_id": "T048247"
                }
              },
              {
                "category": "product_version",
                "name": "7.1.5.28",
                "product": {
                  "name": "IBM Java 7.1.5.28",
                  "product_id": "T048247-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:jre:7.1.5.28"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.0.8.55",
                "product": {
                  "name": "IBM Java \u003c8.0.8.55",
                  "product_id": "T048248"
                }
              },
              {
                "category": "product_version",
                "name": "8.0.8.55",
                "product": {
                  "name": "IBM Java 8.0.8.55",
                  "product_id": "T048248-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:jre:8.0.8.55"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java"
          },
          {
            "category": "product_name",
            "name": "IBM Semeru Runtime",
            "product": {
              "name": "IBM Semeru Runtime",
              "product_id": "T048255",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:semeru_runtime:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Key Lifecycle Manager",
            "product": {
              "name": "IBM Tivoli Key Lifecycle Manager",
              "product_id": "T026238",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM Tivoli Monitoring",
            "product": {
              "name": "IBM Tivoli Monitoring",
              "product_id": "T011128",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:tivoli_monitoring:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.1.0",
                "product": {
                  "name": "IBM Tivoli Netcool/OMNIbus 8.1.0",
                  "product_id": "T048745",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Tivoli Netcool/OMNIbus"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "IBM WebSphere Application Server 8.5",
                  "product_id": "703851",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:8.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "IBM WebSphere Application Server 9.0",
                  "product_id": "703852",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:9.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "liberty",
                "product": {
                  "name": "IBM WebSphere Application Server liberty",
                  "product_id": "T008337",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:websphere_application_server:liberty"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "WebSphere Application Server"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T037607",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.24.1",
                "product": {
                  "name": "Open Source Camunda \u003c7.24.1",
                  "product_id": "T048978"
                }
              },
              {
                "category": "product_version",
                "name": "7.24.1",
                "product": {
                  "name": "Open Source Camunda 7.24.1",
                  "product_id": "T048978-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:camunda:camunda:7.24.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.23.7",
                "product": {
                  "name": "Open Source Camunda \u003c7.23.7",
                  "product_id": "T048979"
                }
              },
              {
                "category": "product_version",
                "name": "7.23.7",
                "product": {
                  "name": "Open Source Camunda 7.23.7",
                  "product_id": "T048979-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:camunda:camunda:7.23.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.22.10",
                "product": {
                  "name": "Open Source Camunda \u003c7.22.10",
                  "product_id": "T048980"
                }
              },
              {
                "category": "product_version",
                "name": "7.22.10",
                "product": {
                  "name": "Open Source Camunda 7.22.10",
                  "product_id": "T048980-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:camunda:camunda:7.22.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Camunda"
          },
          {
            "category": "product_name",
            "name": "Open Source OpenJDK",
            "product": {
              "name": "Open Source OpenJDK",
              "product_id": "580789",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:openjdk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.0.28",
                "product": {
                  "name": "Oracle Java SE 11.0.28",
                  "product_id": "T047923",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.16",
                "product": {
                  "name": "Oracle Java SE 17.0.16",
                  "product_id": "T047924",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:17.0.16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.8",
                "product": {
                  "name": "Oracle Java SE 21.0.8",
                  "product_id": "T047925",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u461-b50",
                "product": {
                  "name": "Oracle Java SE 8u461-b50",
                  "product_id": "T047961",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u461-b50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u461-perf",
                "product": {
                  "name": "Oracle Java SE 8u461-perf",
                  "product_id": "T047962",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u461-perf"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u461",
                "product": {
                  "name": "Oracle Java SE 8u461",
                  "product_id": "T047963",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u461"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "GraalVM for JDK 17.0.16",
                "product": {
                  "name": "Oracle Java SE GraalVM for JDK 17.0.16",
                  "product_id": "T047965",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:graalvm_for_jdk_17.0.16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "GraalVM for JDK 21.0.8",
                "product": {
                  "name": "Oracle Java SE GraalVM for JDK 21.0.8",
                  "product_id": "T047966",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:graalvm_for_jdk_21.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "GraalVM Enterprise Edition 21.3.15",
                "product": {
                  "name": "Oracle Java SE GraalVM Enterprise Edition 21.3.15",
                  "product_id": "T047968",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:graalvm_enterprise_edition_21.3.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          },
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T035098",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31257",
      "product_status": {
        "known_affected": [
          "T008337",
          "T048032",
          "67646",
          "T011169",
          "T048031",
          "T011128",
          "T035098",
          "T004914",
          "703851",
          "703852",
          "T038840",
          "T047966",
          "T048979",
          "T047923",
          "T048978",
          "T047965",
          "T020304",
          "T047924",
          "T047968",
          "T047925",
          "T048255",
          "398363",
          "T047962",
          "T047963",
          "T047961",
          "T038839",
          "T037607",
          "T032255",
          "T032495",
          "T048745",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "580789",
          "T027843",
          "T026238",
          "T048980",
          "T048964",
          "T048248",
          "T048963",
          "T048247"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-31257"
    },
    {
      "cve": "CVE-2025-53057",
      "product_status": {
        "known_affected": [
          "T008337",
          "T048032",
          "67646",
          "T011169",
          "T048031",
          "T011128",
          "T035098",
          "T004914",
          "703851",
          "703852",
          "T038840",
          "T047966",
          "T048979",
          "T047923",
          "T048978",
          "T047965",
          "T020304",
          "T047924",
          "T047968",
          "T047925",
          "T048255",
          "398363",
          "T047962",
          "T047963",
          "T047961",
          "T038839",
          "T037607",
          "T032255",
          "T032495",
          "T048745",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "580789",
          "T027843",
          "T026238",
          "T048980",
          "T048964",
          "T048248",
          "T048963",
          "T048247"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53057"
    },
    {
      "cve": "CVE-2025-53066",
      "product_status": {
        "known_affected": [
          "T008337",
          "T048032",
          "67646",
          "T011169",
          "T048031",
          "T011128",
          "T035098",
          "T004914",
          "703851",
          "703852",
          "T038840",
          "T047966",
          "T048979",
          "T047923",
          "T048978",
          "T047965",
          "T020304",
          "T047924",
          "T047968",
          "T047925",
          "T048255",
          "398363",
          "T047962",
          "T047963",
          "T047961",
          "T038839",
          "T037607",
          "T032255",
          "T032495",
          "T048745",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "580789",
          "T027843",
          "T026238",
          "T048980",
          "T048964",
          "T048248",
          "T048963",
          "T048247"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53066"
    },
    {
      "cve": "CVE-2025-61748",
      "product_status": {
        "known_affected": [
          "T008337",
          "T048032",
          "67646",
          "T011169",
          "T048031",
          "T011128",
          "T035098",
          "T004914",
          "703851",
          "703852",
          "T038840",
          "T047966",
          "T048979",
          "T047923",
          "T048978",
          "T047965",
          "T020304",
          "T047924",
          "T047968",
          "T047925",
          "T048255",
          "398363",
          "T047962",
          "T047963",
          "T047961",
          "T038839",
          "T037607",
          "T032255",
          "T032495",
          "T048745",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "580789",
          "T027843",
          "T026238",
          "T048980",
          "T048964",
          "T048248",
          "T048963",
          "T048247"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61748"
    },
    {
      "cve": "CVE-2025-61755",
      "product_status": {
        "known_affected": [
          "T008337",
          "T048032",
          "67646",
          "T011169",
          "T048031",
          "T011128",
          "T035098",
          "T004914",
          "703851",
          "703852",
          "T038840",
          "T047966",
          "T048979",
          "T047923",
          "T048978",
          "T047965",
          "T020304",
          "T047924",
          "T047968",
          "T047925",
          "T048255",
          "398363",
          "T047962",
          "T047963",
          "T047961",
          "T038839",
          "T037607",
          "T032255",
          "T032495",
          "T048745",
          "2951",
          "T002207",
          "T000126",
          "T019704",
          "580789",
          "T027843",
          "T026238",
          "T048980",
          "T048964",
          "T048248",
          "T048963",
          "T048247"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61755"
    }
  ]
}

GHSA-67F6-JM34-MHV2

Vulnerability from github – Published: 2025-10-21 21:33 – Updated: 2025-10-21 21:33

Details

Severity ?

3.7 (Low)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-61755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-21T20:20:51Z",
    "severity": "LOW"
  },
  "details": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
  "id": "GHSA-67f6-jm34-mhv2",
  "modified": "2025-10-21T21:33:43Z",
  "published": "2025-10-21T21:33:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61755"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2025-0337

Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:51 - Updated: 2025-10-23 13:51

Summary

Kwetsbaarheden verholpen in Oracle Java

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Oracle heeft kwetsbaarheden verholpen in Oracle Java SE en Oracle GraalVM (Specifiek voor versies 21.0.8 en 25 van Oracle Java SE, en versie 21.3.15 van Oracle GraalVM Enterprise Edition).

Interpretaties

De kwetsbaarheden stellen ongeauthenticeerde aanvallers met netwerktoegang in staat om systemen te compromitteren, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en het risico op datalekken. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores variërend van 3.1 tot 7.5, wat wijst op aanzienlijke risico's voor de integriteit en vertrouwelijkheid van gegevens. De kwetsbaarheden zijn aanwezig in verschillende versies van de software, wat de noodzaak van updates benadrukt.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

CWE-416

Use After Free

CWE-862

Missing Authorization

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Java SE en Oracle GraalVM (Specifiek voor versies 21.0.8 en 25 van Oracle Java SE, en versie 21.3.15 van Oracle GraalVM Enterprise Edition).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers met netwerktoegang in staat om systemen te compromitteren, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en het risico op datalekken. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores vari\u00ebrend van 3.1 tot 7.5, wat wijst op aanzienlijke risico\u0027s voor de integriteit en vertrouwelijkheid van gegevens. De kwetsbaarheden zijn aanwezig in verschillende versies van de software, wat de noodzaak van updates benadrukt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Java",
    "tracking": {
      "current_release_date": "2025-10-23T13:51:40.686406Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0337",
      "initial_release_date": "2025-10-23T13:51:40.686406Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:51:40.686406Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Java Se"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle GraalVM Enterprise Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle GraalVM for JDK"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31257",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent updates address multiple security vulnerabilities across various platforms, including WebKitGTK, Oracle Java SE, and Apple operating systems, focusing on memory handling and potential exploitation through malicious web content.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-31257 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31257.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-31257"
    },
    {
      "cve": "CVE-2025-53057",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Java SE allows unauthenticated network attackers to compromise critical data, affecting several versions with a CVSS score of 5.9 indicating integrity impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-53057"
    },
    {
      "cve": "CVE-2025-53066",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Java SE allows unauthenticated network attackers to compromise systems, potentially leading to unauthorized access to critical data, with a CVSS score of 7.5 indicating significant confidentiality impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53066 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53066.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-53066"
    },
    {
      "cve": "CVE-2025-61748",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Java SE and GraalVM products allows unauthenticated network attackers to compromise systems, affecting versions 21.0.8, 25 of Java SE, and 21.3.15 of GraalVM, with a CVSS score of 3.7.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61748 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61748.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-61748"
    },
    {
      "cve": "CVE-2025-61755",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 allows unauthenticated network attackers to potentially gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 3.7.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61755 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61755.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-61755"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-61755 (GCVE-0-2025-61755)

FKIE_CVE-2025-61755

CERTFR-2025-AVI-0906

Solutions

CERTFR-2025-AVI-0906

Solutions

WID-SEC-W-2025-2365

GHSA-67F6-JM34-MHV2

NCSC-2025-0337

Tags

Sightings

Nomenclature