cvelistv5 - cve-2025-61755

CVE-2025-61755 (GCVE-0-2025-61755)

Vulnerability from cvelistv5

Published

2025-10-21 20:03

Modified

2025-10-22 18:15

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.

Summary

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL

	Vendor	Product	Version
	Oracle Corporation	Oracle GraalVM for JDK	Version: 17.0.16 Version: 21.0.8

wid-sec-w-2025-2365

Vulnerability from csaf_certbund

Published

2025-10-21 22:00

Modified

2025-10-23 22:00

Summary

Oracle Java SE: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2365 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2365.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2365 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2365"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Java SE vom 2025-10-21",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 11",
        "url": "https://github.com/corretto/corretto-11/blob/11.0.29.7.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "Change Log for Amazon Corretto 8",
        "url": "https://github.com/corretto/corretto-8/blob/8.472.08.1/CHANGELOG.md"
      },
      {
        "category": "external",
        "summary": "OpenJDK Vulnerability Advisory vom 2025-10-21",
        "url": "https://openjdk.org/groups/vulnerability/advisories/2025-10-21"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18824 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18824"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18822 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18822"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18823 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18823"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18816 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18816"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18814 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18814"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18825 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18825"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18826 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18826"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18817 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18817"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18821 vom 2025-10-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:18821"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18820 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18820"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18819 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18819"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18818 vom 2025-10-24",
        "url": "https://access.redhat.com/errata/RHSA-2025:18818"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:18815 vom 2025-10-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:18815"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Java SE: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-23T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-24T08:08:36.515+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2365",
      "initial_release_date": "2025-10-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-22T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat und European Union Vulnerability Database aufgenommen"
        },
        {
          "date": "2025-10-23T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.472.08.1",
                "product": {
                  "name": "Amazon Corretto \u003c8.472.08.1",
                  "product_id": "T048031"
                }
              },
              {
                "category": "product_version",
                "name": "8.472.08.1",
                "product": {
                  "name": "Amazon Corretto 8.472.08.1",
                  "product_id": "T048031-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:8.472.08.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.29.7.1",
                "product": {
                  "name": "Amazon Corretto \u003c11.0.29.7.1",
                  "product_id": "T048032"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.29.7.1",
                "product": {
                  "name": "Amazon Corretto 11.0.29.7.1",
                  "product_id": "T048032-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:amazon:corretto:11.0.29.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Corretto"
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source OpenJDK",
            "product": {
              "name": "Open Source OpenJDK",
              "product_id": "580789",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:openjdk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.0.28",
                "product": {
                  "name": "Oracle Java SE 11.0.28",
                  "product_id": "T047923",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:11.0.28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.0.16",
                "product": {
                  "name": "Oracle Java SE 17.0.16",
                  "product_id": "T047924",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:17.0.16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "21.0.8",
                "product": {
                  "name": "Oracle Java SE 21.0.8",
                  "product_id": "T047925",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:21.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u461-b50",
                "product": {
                  "name": "Oracle Java SE 8u461-b50",
                  "product_id": "T047961",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u461-b50"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u461-perf",
                "product": {
                  "name": "Oracle Java SE 8u461-perf",
                  "product_id": "T047962",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u461-perf"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8u461",
                "product": {
                  "name": "Oracle Java SE 8u461",
                  "product_id": "T047963",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:8u461"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "GraalVM for JDK 17.0.16",
                "product": {
                  "name": "Oracle Java SE GraalVM for JDK 17.0.16",
                  "product_id": "T047965",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:graalvm_for_jdk_17.0.16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "GraalVM for JDK 21.0.8",
                "product": {
                  "name": "Oracle Java SE GraalVM for JDK 21.0.8",
                  "product_id": "T047966",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:graalvm_for_jdk_21.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "GraalVM Enterprise Edition 21.3.15",
                "product": {
                  "name": "Oracle Java SE GraalVM Enterprise Edition 21.3.15",
                  "product_id": "T047968",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:java_se:graalvm_enterprise_edition_21.3.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Java SE"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31257",
      "product_status": {
        "known_affected": [
          "T048032",
          "67646",
          "T048031",
          "T047966",
          "T047923",
          "T047965",
          "T047924",
          "T047968",
          "580789",
          "T047925",
          "T047962",
          "T047963",
          "T047961"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-31257"
    },
    {
      "cve": "CVE-2025-53057",
      "product_status": {
        "known_affected": [
          "T048032",
          "67646",
          "T048031",
          "T047966",
          "T047923",
          "T047965",
          "T047924",
          "T047968",
          "580789",
          "T047925",
          "T047962",
          "T047963",
          "T047961"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53057"
    },
    {
      "cve": "CVE-2025-53066",
      "product_status": {
        "known_affected": [
          "T048032",
          "67646",
          "T048031",
          "T047966",
          "T047923",
          "T047965",
          "T047924",
          "T047968",
          "580789",
          "T047925",
          "T047962",
          "T047963",
          "T047961"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53066"
    },
    {
      "cve": "CVE-2025-61748",
      "product_status": {
        "known_affected": [
          "T048032",
          "67646",
          "T048031",
          "T047966",
          "T047923",
          "T047965",
          "T047924",
          "T047968",
          "580789",
          "T047925",
          "T047962",
          "T047963",
          "T047961"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61748"
    },
    {
      "cve": "CVE-2025-61755",
      "product_status": {
        "known_affected": [
          "T048032",
          "67646",
          "T048031",
          "T047966",
          "T047923",
          "T047965",
          "T047924",
          "T047968",
          "580789",
          "T047925",
          "T047962",
          "T047963",
          "T047961"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-61755"
    }
  ]
}

ncsc-2025-0337

Vulnerability from csaf_ncscnl

Published

2025-10-23 13:51

Modified

2025-10-23 13:51

Summary

Kwetsbaarheden verholpen in Oracle Java

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Oracle heeft kwetsbaarheden verholpen in Oracle Java SE en Oracle GraalVM (Specifiek voor versies 21.0.8 en 25 van Oracle Java SE, en versie 21.3.15 van Oracle GraalVM Enterprise Edition).

Interpretaties

De kwetsbaarheden stellen ongeauthenticeerde aanvallers met netwerktoegang in staat om systemen te compromitteren, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en het risico op datalekken. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores variërend van 3.1 tot 7.5, wat wijst op aanzienlijke risico's voor de integriteit en vertrouwelijkheid van gegevens. De kwetsbaarheden zijn aanwezig in verschillende versies van de software, wat de noodzaak van updates benadrukt.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

CWE-416

Use After Free

CWE-862

Missing Authorization

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Java SE en Oracle GraalVM (Specifiek voor versies 21.0.8 en 25 van Oracle Java SE, en versie 21.3.15 van Oracle GraalVM Enterprise Edition).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers met netwerktoegang in staat om systemen te compromitteren, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en het risico op datalekken. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores vari\u00ebrend van 3.1 tot 7.5, wat wijst op aanzienlijke risico\u0027s voor de integriteit en vertrouwelijkheid van gegevens. De kwetsbaarheden zijn aanwezig in verschillende versies van de software, wat de noodzaak van updates benadrukt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Java",
    "tracking": {
      "current_release_date": "2025-10-23T13:51:40.686406Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0337",
      "initial_release_date": "2025-10-23T13:51:40.686406Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:51:40.686406Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Java Se"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle GraalVM Enterprise Edition"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle GraalVM for JDK"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-31257",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent updates address multiple security vulnerabilities across various platforms, including WebKitGTK, Oracle Java SE, and Apple operating systems, focusing on memory handling and potential exploitation through malicious web content.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-31257 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31257.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-31257"
    },
    {
      "cve": "CVE-2025-53057",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Java SE allows unauthenticated network attackers to compromise critical data, affecting several versions with a CVSS score of 5.9 indicating integrity impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-53057"
    },
    {
      "cve": "CVE-2025-53066",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Java SE allows unauthenticated network attackers to compromise systems, potentially leading to unauthorized access to critical data, with a CVSS score of 7.5 indicating significant confidentiality impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53066 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53066.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-53066"
    },
    {
      "cve": "CVE-2025-61748",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Java SE and GraalVM products allows unauthenticated network attackers to compromise systems, affecting versions 21.0.8, 25 of Java SE, and 21.3.15 of GraalVM, with a CVSS score of 3.7.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61748 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61748.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-61748"
    },
    {
      "cve": "CVE-2025-61755",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 allows unauthenticated network attackers to potentially gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 3.7.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61755 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61755.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-61755"
    }
  ]
}

fkie_cve-2025-61755

Vulnerability from fkie_nvd

Published

2025-10-21 20:20

Modified

2025-10-22 21:13

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2025.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
    }
  ],
  "id": "CVE-2025-61755",
  "lastModified": "2025-10-22T21:13:03.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-21T20:20:51.983",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ghsa-67f6-jm34-mhv2

Vulnerability from github

Published

2025-10-21 21:33

Modified

2025-10-21 21:33

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-61755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-21T20:20:51Z",
    "severity": "LOW"
  },
  "details": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
  "id": "GHSA-67f6-jm34-mhv2",
  "modified": "2025-10-21T21:33:43Z",
  "published": "2025-10-21T21:33:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61755"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2025-AVI-0906

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle Java SE version 8u461-b50
Oracle	Java SE	Oracle Java SE version 25
Oracle	Java SE	Oracle Java SE version 21.0.8
Oracle	Java SE	Oracle Java SE version 17.0.16
Oracle	Java SE	Oracle Java SE version 11.0.28
Oracle	Java SE	Oracle GraalVM for JDK version 21.0.8
Oracle	Java SE	Oracle Java SE version 8u461-perf
Oracle	Java SE	Oracle GraalVM for JDK version 17.0.16
Oracle	Java SE	Oracle GraalVM Enterprise Edition version 21.3.15
Oracle	Java SE	Oracle Java SE version 8u461

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-61755 (GCVE-0-2025-61755)

Vulnerability from cvelistv5

wid-sec-w-2025-2365

Vulnerability from csaf_certbund

ncsc-2025-0337

Vulnerability from csaf_ncscnl

fkie_cve-2025-61755

Vulnerability from fkie_nvd

ghsa-67f6-jm34-mhv2

Vulnerability from github

CERTFR-2025-AVI-0906

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature