Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61755 (GCVE-0-2025-61755)
Vulnerability from cvelistv5
Published
2025-10-21 20:03
Modified
2025-10-22 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.
Summary
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| URL | Tags | ||
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle GraalVM for JDK |
Version: 17.0.16 Version: 21.0.8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T18:11:21.523044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T18:15:40.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle GraalVM for JDK",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "17.0.16"
},
{
"status": "affected",
"version": "21.0.8"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T20:03:10.637Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-61755",
"datePublished": "2025-10-21T20:03:10.637Z",
"dateReserved": "2025-09-30T19:21:55.556Z",
"dateUpdated": "2025-10-22T18:15:40.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61755\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2025-10-21T20:20:51.983\",\"lastModified\":\"2025-10-27T20:36:48.053\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDCE92-E161-46DC-8A2E-17EF7303DBFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29154F4D-88E2-43FA-9DDA-1DEF5F588A31\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2025.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-22T18:11:21.523044Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-22T18:15:36.215Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle GraalVM for JDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.16\"}, {\"status\": \"affected\", \"version\": \"21.0.8\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2025.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2025-10-21T20:03:10.637Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T18:15:40.100Z\", \"dateReserved\": \"2025-09-30T19:21:55.556Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2025-10-21T20:03:10.637Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
ncsc-2025-0337
Vulnerability from csaf_ncscnl
Published
2025-10-23 13:51
Modified
2025-10-23 13:51
Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Java SE en Oracle GraalVM (Specifiek voor versies 21.0.8 en 25 van Oracle Java SE, en versie 21.3.15 van Oracle GraalVM Enterprise Edition).
Interpretaties
De kwetsbaarheden stellen ongeauthenticeerde aanvallers met netwerktoegang in staat om systemen te compromitteren, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en het risico op datalekken. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores variërend van 3.1 tot 7.5, wat wijst op aanzienlijke risico's voor de integriteit en vertrouwelijkheid van gegevens. De kwetsbaarheden zijn aanwezig in verschillende versies van de software, wat de noodzaak van updates benadrukt.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284
Improper Access Control
CWE-416
Use After Free
CWE-862
Missing Authorization
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Java SE en Oracle GraalVM (Specifiek voor versies 21.0.8 en 25 van Oracle Java SE, en versie 21.3.15 van Oracle GraalVM Enterprise Edition).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers met netwerktoegang in staat om systemen te compromitteren, wat kan leiden tot ongeautoriseerde gegevensmanipulatie en het risico op datalekken. De ernst van deze kwetsbaarheden wordt onderstreept door CVSS-scores vari\u00ebrend van 3.1 tot 7.5, wat wijst op aanzienlijke risico\u0027s voor de integriteit en vertrouwelijkheid van gegevens. De kwetsbaarheden zijn aanwezig in verschillende versies van de software, wat de noodzaak van updates benadrukt.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Missing Authorization",
"title": "CWE-862"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Java",
"tracking": {
"current_release_date": "2025-10-23T13:51:40.686406Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0337",
"initial_release_date": "2025-10-23T13:51:40.686406Z",
"revision_history": [
{
"date": "2025-10-23T13:51:40.686406Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Java Se"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle GraalVM Enterprise Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle GraalVM for JDK"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31257",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates address multiple security vulnerabilities across various platforms, including WebKitGTK, Oracle Java SE, and Apple operating systems, focusing on memory handling and potential exploitation through malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31257 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-31257"
},
{
"cve": "CVE-2025-53057",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Java SE allows unauthenticated network attackers to compromise critical data, affecting several versions with a CVSS score of 5.9 indicating integrity impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-53057"
},
{
"cve": "CVE-2025-53066",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Java SE allows unauthenticated network attackers to compromise systems, potentially leading to unauthorized access to critical data, with a CVSS score of 7.5 indicating significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53066 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53066.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-53066"
},
{
"cve": "CVE-2025-61748",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Java SE and GraalVM products allows unauthenticated network attackers to compromise systems, affecting versions 21.0.8, 25 of Java SE, and 21.3.15 of GraalVM, with a CVSS score of 3.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61748 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61748.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61748"
},
{
"cve": "CVE-2025-61755",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "A vulnerability in Oracle GraalVM for JDK versions 17.0.16 and 21.0.8 allows unauthenticated network attackers to potentially gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 3.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61755 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-61755"
}
]
}
fkie_cve-2025-61755
Vulnerability from fkie_nvd
Published
2025-10-21 20:20
Modified
2025-10-27 20:36
Severity ?
Summary
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2025.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm_for_jdk | 17.0.16 | |
| oracle | graalvm_for_jdk | 21.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDCE92-E161-46DC-8A2E-17EF7303DBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "29154F4D-88E2-43FA-9DDA-1DEF5F588A31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"id": "CVE-2025-61755",
"lastModified": "2025-10-27T20:36:48.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2025-10-21T20:20:51.983",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CERTFR-2025-AVI-0906
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE version 8u461-b50 | ||
| Oracle | Java SE | Oracle Java SE version 25 | ||
| Oracle | Java SE | Oracle Java SE version 21.0.8 | ||
| Oracle | Java SE | Oracle Java SE version 17.0.16 | ||
| Oracle | Java SE | Oracle Java SE version 11.0.28 | ||
| Oracle | Java SE | Oracle GraalVM for JDK version 21.0.8 | ||
| Oracle | Java SE | Oracle Java SE version 8u461-perf | ||
| Oracle | Java SE | Oracle GraalVM for JDK version 17.0.16 | ||
| Oracle | Java SE | Oracle GraalVM Enterprise Edition version 21.3.15 | ||
| Oracle | Java SE | Oracle Java SE version 8u461 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE version 8u461-b50",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 25",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 21.0.8",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 17.0.16",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 11.0.28",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK version 21.0.8",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 8u461-perf",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK version 17.0.16",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM Enterprise Edition version 21.3.15",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE version 8u461",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31273"
},
{
"name": "CVE-2025-43212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43212"
},
{
"name": "CVE-2025-43240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43240"
},
{
"name": "CVE-2025-43227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43227"
},
{
"name": "CVE-2025-31278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31278"
},
{
"name": "CVE-2025-43211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43211"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-43228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43228"
},
{
"name": "CVE-2025-43265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43265"
},
{
"name": "CVE-2025-43216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43216"
},
{
"name": "CVE-2025-24189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24189"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-61755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61755"
},
{
"name": "CVE-2025-31257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0906",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuoct2025",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
]
}
ghsa-67f6-jm34-mhv2
Vulnerability from github
Published
2025-10-21 21:33
Modified
2025-10-21 21:33
Severity ?
VLAI Severity ?
Details
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2025-61755"
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-21T20:20:51Z",
"severity": "LOW"
},
"details": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"id": "GHSA-67f6-jm34-mhv2",
"modified": "2025-10-21T21:33:43Z",
"published": "2025-10-21T21:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61755"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2025-2365
Vulnerability from csaf_certbund
Published
2025-10-21 22:00
Modified
2025-12-23 23:00
Summary
Oracle Java SE: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2365 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2365.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2365 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2365"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Java SE vom 2025-10-21",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 11",
"url": "https://github.com/corretto/corretto-11/blob/11.0.29.7.1/CHANGELOG.md"
},
{
"category": "external",
"summary": "Change Log for Amazon Corretto 8",
"url": "https://github.com/corretto/corretto-8/blob/8.472.08.1/CHANGELOG.md"
},
{
"category": "external",
"summary": "OpenJDK Vulnerability Advisory vom 2025-10-21",
"url": "https://openjdk.org/groups/vulnerability/advisories/2025-10-21"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18824 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18822 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18822"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18823 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18816 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18816"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18814 vom 2025-10-23",
"url": "https://access.redhat.com/errata/RHSA-2025:18814"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18825 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18825"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18826 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18826"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18817 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18817"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18821 vom 2025-10-22",
"url": "https://access.redhat.com/errata/RHSA-2025:18821"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18820 vom 2025-10-23",
"url": "https://access.redhat.com/errata/RHSA-2025:18820"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18819 vom 2025-10-23",
"url": "https://access.redhat.com/errata/RHSA-2025:18819"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18818 vom 2025-10-24",
"url": "https://access.redhat.com/errata/RHSA-2025:18818"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18815 vom 2025-10-23",
"url": "https://access.redhat.com/errata/RHSA-2025:18815"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15660-1 vom 2025-10-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TYBJ677VF7F4ZSMLX3GWAMXWMZMDX6TI/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4346 vom 2025-10-25",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00026.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4345 vom 2025-10-25",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00025.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6039 vom 2025-10-26",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00205.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15661-1 vom 2025-10-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5UPJO4CYYCTTODVMA4476F3K2Z7WPTBS/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6037 vom 2025-10-25",
"url": "https://security-tracker.debian.org/tracker/DSA-6037-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-18824 vom 2025-10-24",
"url": "https://linux.oracle.com/errata/ELSA-2025-18824.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20251024-0010 vom 2025-10-24",
"url": "https://security.netapp.com/advisory/NTAP-20251024-0010"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6038 vom 2025-10-25",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00204.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-18821 vom 2025-10-24",
"url": "https://linux.oracle.com/errata/ELSA-2025-18821.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-18815 vom 2025-10-24",
"url": "https://linux.oracle.com/errata/ELSA-2025-18815.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3047 vom 2025-10-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3047.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3048 vom 2025-10-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3048.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2CORRETTO8-2025-021 vom 2025-10-27",
"url": "https://alas.aws.amazon.com/AL2/ALAS2CORRETTO8-2025-021.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3835-1 vom 2025-10-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023072.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3859-1 vom 2025-10-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023079.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15674-1 vom 2025-10-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S4MJYY6GI4OEPCONZ5OZF6JPBI67LCPJ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3859-1 vom 2025-10-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VMV65UKEMJ5XZGXBOOCVPAPP6DHKNBG5/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15693-1 vom 2025-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VU4T2GSGJ3FSMB2VQKU2AVIH5DSZ4Q7A/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249833 vom 2025-10-31",
"url": "https://www.ibm.com/support/pages/node/7249833"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15690-1 vom 2025-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OBTHACNEISJLEVENW6F2UY73GMJFQAPI/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249834 vom 2025-10-31",
"url": "https://www.ibm.com/support/pages/node/7249834"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15694-1 vom 2025-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HPNAG4GRUDNAT2AVXYGLMZTAD2X5TWNZ/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15691-1 vom 2025-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPFSP3HIULFUYTXM7EZVSJGRCVQF2ANT/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250035 vom 2025-11-03",
"url": "https://www.ibm.com/support/pages/node/7250035"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250255 vom 2025-11-06",
"url": "https://www.ibm.com/support/pages/node/7250255"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15701-1 vom 2025-11-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NYSZB3IXIAPQGFBTRTYOPOEOZDCFYMRH/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7250250 vom 2025-11-06",
"url": "https://www.ibm.com/support/pages/node/7250250"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3964-1 vom 2025-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023167.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3965-1 vom 2025-11-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023166.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3996-1 vom 2025-11-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4XBO3CFLQHMPIGKNMQNDBIDRQ6ZRN6U/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3997-1 vom 2025-11-07",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/P6MDCNVOO2ZGEPCYBSDNBOEOJK3N37FG/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4005-1 vom 2025-11-10",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRGDIRMJ63CBCCXYFXZ434NAYMNERVTW/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4005-1 vom 2025-11-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023183.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4039-1 vom 2025-11-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023195.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3072 vom 2025-11-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3072.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4038-1 vom 2025-11-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023196.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-18814 vom 2025-11-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-18814.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21485 vom 2025-11-17",
"url": "https://access.redhat.com/errata/RHSA-2025:21485"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-018 vom 2025-11-18",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/11/Xerox-Security-Bulletin-XRX25-018-Xerox-FreeFlow-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251920 vom 2025-11-19",
"url": "https://www.ibm.com/support/pages/node/7251920"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:21485 vom 2025-11-25",
"url": "https://errata.build.resf.org/RLSA-2025:21485"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7884-1 vom 2025-11-25",
"url": "https://ubuntu.com/security/notices/USN-7884-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7885-1 vom 2025-11-25",
"url": "https://ubuntu.com/security/notices/USN-7885-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22088 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:22088"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252217 vom 2025-11-25",
"url": "https://www.ibm.com/support/pages/node/7252217"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7883-1 vom 2025-11-25",
"url": "https://ubuntu.com/security/notices/USN-7883-1"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2025-132 vom 2025-11-26",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-132/index.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7882-1 vom 2025-11-25",
"url": "https://ubuntu.com/security/notices/USN-7882-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252680 vom 2025-11-26",
"url": "https://www.ibm.com/support/pages/node/7252680"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7252724 vom 2025-11-26",
"url": "https://www.ibm.com/support/pages/node/7252724"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4287-1 vom 2025-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023427.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22370 vom 2025-12-01",
"url": "https://access.redhat.com/errata/RHSA-2025:22370"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-438 vom 2025-12-01",
"url": "https://www.dell.com/support/kbdoc/de-de/000397455/dsa-2025-438-security-update-for-dell-networker-runtime-environment-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253241 vom 2025-12-01",
"url": "https://www.ibm.com/support/pages/node/7253241"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7901-1 vom 2025-12-02",
"url": "https://ubuntu.com/security/notices/USN-7901-1"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025-20123-1 vom 2025-12-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GQWF5TZM5GYGLQPAY4CY63R5SDNNGIHF/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025-20125-1 vom 2025-12-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSTB5CP5PLTZBCEI7BMNC646ZLF732WB/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7902-1 vom 2025-12-02",
"url": "https://ubuntu.com/security/notices/USN-7902-1"
},
{
"category": "external",
"summary": "Camunda Security Notices vom 2025-12-01",
"url": "https://docs.camunda.org/security/notices/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7900-1 vom 2025-12-02",
"url": "https://ubuntu.com/security/notices/USN-7900-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253164 vom 2025-12-03",
"url": "https://www.ibm.com/support/pages/node/7253164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22672 vom 2025-12-03",
"url": "https://access.redhat.com/errata/RHSA-2025:22672"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21485 vom 2025-12-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-21485.html"
},
{
"category": "external",
"summary": "PDFreactor ReleaseNotes vom 2025-12-04",
"url": "https://www.pdfreactor.com/pdfreactor-12-4/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253912 vom 2025-12-05",
"url": "https://www.ibm.com/support/pages/node/7253912"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253905 vom 2025-12-09",
"url": "https://www.ibm.com/support/pages/node/7253905"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21164-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023503.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21162-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023504.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7254734 vom 2025-12-15",
"url": "https://www.ibm.com/support/pages/node/7254734"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255060 vom 2025-12-17",
"url": "https://www.ibm.com/support/pages/node/7255060"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255034 vom 2025-12-17",
"url": "https://www.ibm.com/support/pages/node/7255034"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7254158 vom 2025-12-17",
"url": "https://www.ibm.com/support/pages/node/7254158"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255556 vom 2025-12-22",
"url": "https://www.ibm.com/support/pages/node/7255556"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255557 vom 2025-12-22",
"url": "https://www.ibm.com/support/pages/node/7255557"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7255734 vom 2025-12-23",
"url": "https://www.ibm.com/support/pages/node/7255734"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-23T23:00:00.000+00:00",
"generator": {
"date": "2025-12-24T08:55:06.066+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2365",
"initial_release_date": "2025-10-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat und European Union Vulnerability Database aufgenommen"
},
{
"date": "2025-10-23T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE, Debian, Oracle Linux und NetApp aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-29T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE und openSUSE aufgenommen"
},
{
"date": "2025-11-02T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von openSUSE, IBM und IBM-APAR aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-05T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM und openSUSE aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-16T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-17T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat, IBM, Ubuntu und HITACHI aufgenommen"
},
{
"date": "2025-11-26T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu und openSUSE aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-23T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "31"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.472.08.1",
"product": {
"name": "Amazon Corretto \u003c8.472.08.1",
"product_id": "T048031"
}
},
{
"category": "product_version",
"name": "8.472.08.1",
"product": {
"name": "Amazon Corretto 8.472.08.1",
"product_id": "T048031-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:8.472.08.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.29.7.1",
"product": {
"name": "Amazon Corretto \u003c11.0.29.7.1",
"product_id": "T048032"
}
},
{
"category": "product_version",
"name": "11.0.29.7.1",
"product": {
"name": "Amazon Corretto 11.0.29.7.1",
"product_id": "T048032-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:11.0.29.7.1"
}
}
}
],
"category": "product_name",
"name": "Corretto"
},
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Runtime Environment \u003c17.0.3",
"product": {
"name": "Dell NetWorker Runtime Environment \u003c17.0.3",
"product_id": "T048963"
}
},
{
"category": "product_version",
"name": "Runtime Environment 17.0.3",
"product": {
"name": "Dell NetWorker Runtime Environment 17.0.3",
"product_id": "T048963-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:runtime_environment__17.0.3"
}
}
},
{
"category": "product_version_range",
"name": "Runtime Environment \u003c8.0.27",
"product": {
"name": "Dell NetWorker Runtime Environment \u003c8.0.27",
"product_id": "T048964"
}
},
{
"category": "product_version",
"name": "Runtime Environment 8.0.27",
"product": {
"name": "Dell NetWorker Runtime Environment 8.0.27",
"product_id": "T048964-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:runtime_environment__8.0.27"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T038839",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.6.0",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.6.0",
"product_id": "T049409"
}
},
{
"category": "product_version",
"name": "10.6.6.0",
"product": {
"name": "IBM DataPower Gateway 10.6.6.0",
"product_id": "T049409-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.6.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.5.0.20",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.20",
"product_id": "T049410"
}
},
{
"category": "product_version",
"name": "10.5.0.20",
"product": {
"name": "IBM DataPower Gateway 10.5.0.20",
"product_id": "T049410-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.20"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.8",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.8",
"product_id": "T049411"
}
},
{
"category": "product_version",
"name": "10.6.0.8",
"product": {
"name": "IBM DataPower Gateway 10.6.0.8",
"product_id": "T049411-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.8"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
},
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"category": "product_name",
"name": "IBM Integration Bus",
"product": {
"name": "IBM Integration Bus",
"product_id": "T011169",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:integration_bus:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.1.5.28",
"product": {
"name": "IBM Java \u003c7.1.5.28",
"product_id": "T048247"
}
},
{
"category": "product_version",
"name": "7.1.5.28",
"product": {
"name": "IBM Java 7.1.5.28",
"product_id": "T048247-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:jre:7.1.5.28"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.0.8.55",
"product": {
"name": "IBM Java \u003c8.0.8.55",
"product_id": "T048248"
}
},
{
"category": "product_version",
"name": "8.0.8.55",
"product": {
"name": "IBM Java 8.0.8.55",
"product_id": "T048248-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:jre:8.0.8.55"
}
}
}
],
"category": "product_name",
"name": "Java"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.2.42",
"product": {
"name": "IBM License Metric Tool \u003c9.2.42",
"product_id": "T049203"
}
},
{
"category": "product_version",
"name": "9.2.42",
"product": {
"name": "IBM License Metric Tool 9.2.42",
"product_id": "T049203-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2.42"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1",
"product": {
"name": "IBM MQ 9.1",
"product_id": "T014765",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.1"
}
}
},
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "IBM MQ 9.2",
"product_id": "T016984",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.2"
}
}
},
{
"category": "product_version",
"name": "9.3",
"product": {
"name": "IBM MQ 9.3",
"product_id": "T027879",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.3"
}
}
},
{
"category": "product_version",
"name": "9.4",
"product": {
"name": "IBM MQ 9.4",
"product_id": "T035670",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.4"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv10.0.9.1",
"product": {
"name": "IBM Security Verify Access \u003cv10.0.9.1",
"product_id": "T049459"
}
},
{
"category": "product_version",
"name": "v10.0.9.1",
"product": {
"name": "IBM Security Verify Access v10.0.9.1",
"product_id": "T049459-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:v10.0.9.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.2",
"product": {
"name": "IBM Security Verify Access \u003c11.0.2",
"product_id": "T049460"
}
},
{
"category": "product_version",
"name": "11.0.2",
"product": {
"name": "IBM Security Verify Access 11.0.2",
"product_id": "T049460-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:11.0.2"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
},
{
"category": "product_name",
"name": "IBM Semeru Runtime",
"product": {
"name": "IBM Semeru Runtime",
"product_id": "T048255",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:semeru_runtime:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.3.0.16",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.3.0.16",
"product_id": "T049469"
}
},
{
"category": "product_version",
"name": "6.3.0.16",
"product": {
"name": "IBM Sterling Connect:Direct 6.3.0.16",
"product_id": "T049469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.3.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.0.5",
"product": {
"name": "IBM Sterling Connect:Direct \u003c6.4.0.5",
"product_id": "T049470"
}
},
{
"category": "product_version",
"name": "6.4.0.5",
"product": {
"name": "IBM Sterling Connect:Direct 6.4.0.5",
"product_id": "T049470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:6.4.0.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.4.0.5_iFix001",
"product": {
"name": "IBM Sterling Connect:Direct \u003c1.4.0.5_iFix001",
"product_id": "T049625"
}
},
{
"category": "product_version",
"name": "1.4.0.5_iFix001",
"product": {
"name": "IBM Sterling Connect:Direct 1.4.0.5_iFix001",
"product_id": "T049625-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:1.4.0.5_ifix001"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.4.0.5_iFix002",
"product": {
"name": "IBM Sterling Connect:Direct \u003c1.4.0.5_iFix002",
"product_id": "T049626"
}
},
{
"category": "product_version",
"name": "1.4.0.5_iFix002",
"product": {
"name": "IBM Sterling Connect:Direct 1.4.0.5_iFix002",
"product_id": "T049626-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:1.4.0.5_ifix002"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
},
{
"branches": [
{
"category": "product_version",
"name": "multiplatforms",
"product": {
"name": "IBM TXSeries multiplatforms",
"product_id": "T045090",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:multiplatforms"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"category": "product_name",
"name": "IBM Tivoli Key Lifecycle Manager",
"product": {
"name": "IBM Tivoli Key Lifecycle Manager",
"product_id": "T026238",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Monitoring",
"product": {
"name": "IBM Tivoli Monitoring",
"product_id": "T011128",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "8.1.0",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus 8.1.0",
"product_id": "T048745",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0"
}
}
}
],
"category": "product_name",
"name": "Tivoli Netcool/OMNIbus"
},
{
"branches": [
{
"category": "product_version",
"name": "8.5",
"product": {
"name": "IBM WebSphere Application Server 8.5",
"product_id": "703851",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "IBM WebSphere Application Server 9.0",
"product_id": "703852",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0"
}
}
},
{
"category": "product_version",
"name": "liberty",
"product": {
"name": "IBM WebSphere Application Server liberty",
"product_id": "T008337",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:liberty"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T037607",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.24.1",
"product": {
"name": "Open Source Camunda \u003c7.24.1",
"product_id": "T048978"
}
},
{
"category": "product_version",
"name": "7.24.1",
"product": {
"name": "Open Source Camunda 7.24.1",
"product_id": "T048978-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.24.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.23.7",
"product": {
"name": "Open Source Camunda \u003c7.23.7",
"product_id": "T048979"
}
},
{
"category": "product_version",
"name": "7.23.7",
"product": {
"name": "Open Source Camunda 7.23.7",
"product_id": "T048979-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.23.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.22.10",
"product": {
"name": "Open Source Camunda \u003c7.22.10",
"product_id": "T048980"
}
},
{
"category": "product_version",
"name": "7.22.10",
"product": {
"name": "Open Source Camunda 7.22.10",
"product_id": "T048980-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:camunda:camunda:7.22.10"
}
}
}
],
"category": "product_name",
"name": "Camunda"
},
{
"category": "product_name",
"name": "Open Source OpenJDK",
"product": {
"name": "Open Source OpenJDK",
"product_id": "580789",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:openjdk:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.0.28",
"product": {
"name": "Oracle Java SE 11.0.28",
"product_id": "T047923",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:11.0.28"
}
}
},
{
"category": "product_version",
"name": "17.0.16",
"product": {
"name": "Oracle Java SE 17.0.16",
"product_id": "T047924",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:17.0.16"
}
}
},
{
"category": "product_version",
"name": "21.0.8",
"product": {
"name": "Oracle Java SE 21.0.8",
"product_id": "T047925",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:21.0.8"
}
}
},
{
"category": "product_version",
"name": "8u461-b50",
"product": {
"name": "Oracle Java SE 8u461-b50",
"product_id": "T047961",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u461-b50"
}
}
},
{
"category": "product_version",
"name": "8u461-perf",
"product": {
"name": "Oracle Java SE 8u461-perf",
"product_id": "T047962",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u461-perf"
}
}
},
{
"category": "product_version",
"name": "8u461",
"product": {
"name": "Oracle Java SE 8u461",
"product_id": "T047963",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u461"
}
}
},
{
"category": "product_version",
"name": "GraalVM for JDK 17.0.16",
"product": {
"name": "Oracle Java SE GraalVM for JDK 17.0.16",
"product_id": "T047965",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:graalvm_for_jdk_17.0.16"
}
}
},
{
"category": "product_version",
"name": "GraalVM for JDK 21.0.8",
"product": {
"name": "Oracle Java SE GraalVM for JDK 21.0.8",
"product_id": "T047966",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:graalvm_for_jdk_21.0.8"
}
}
},
{
"category": "product_version",
"name": "GraalVM Enterprise Edition 21.3.15",
"product": {
"name": "Oracle Java SE GraalVM Enterprise Edition 21.3.15",
"product_id": "T047968",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:graalvm_enterprise_edition_21.3.15"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.4",
"product": {
"name": "RealObjects PDFreactor \u003c12.4",
"product_id": "T049106"
}
},
{
"category": "product_version",
"name": "12.4",
"product": {
"name": "RealObjects PDFreactor 12.4",
"product_id": "T049106-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.4"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v7",
"product": {
"name": "Xerox FreeFlow Print Server v7",
"product_id": "T035098",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31257",
"product_status": {
"known_affected": [
"T011169",
"T011128",
"T049460",
"T035098",
"T004914",
"703851",
"703852",
"T038840",
"T047966",
"T048979",
"T047923",
"T048978",
"T049626",
"T047965",
"T049625",
"T021415",
"T047924",
"T047968",
"T027879",
"T047925",
"T048255",
"398363",
"T047962",
"T047963",
"T049106",
"T049469",
"T047961",
"T037607",
"T045090",
"2951",
"T002207",
"444803",
"T019704",
"T027843",
"T049411",
"T049410",
"T026238",
"T048964",
"T049459",
"T048248",
"T048963",
"T048247",
"T008337",
"T048032",
"67646",
"T048031",
"T035670",
"T020304",
"T049409",
"T049203",
"T038839",
"T049470",
"T014765",
"T016984",
"T032255",
"T032495",
"T048745",
"T000126",
"580789",
"T048980"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-31257"
},
{
"cve": "CVE-2025-53057",
"product_status": {
"known_affected": [
"T011169",
"T011128",
"T049460",
"T035098",
"T004914",
"703851",
"703852",
"T038840",
"T047966",
"T048979",
"T047923",
"T048978",
"T049626",
"T047965",
"T049625",
"T021415",
"T047924",
"T047968",
"T027879",
"T047925",
"T048255",
"398363",
"T047962",
"T047963",
"T049106",
"T049469",
"T047961",
"T037607",
"T045090",
"2951",
"T002207",
"444803",
"T019704",
"T027843",
"T049411",
"T049410",
"T026238",
"T048964",
"T049459",
"T048248",
"T048963",
"T048247",
"T008337",
"T048032",
"67646",
"T048031",
"T035670",
"T020304",
"T049409",
"T049203",
"T038839",
"T049470",
"T014765",
"T016984",
"T032255",
"T032495",
"T048745",
"T000126",
"580789",
"T048980"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-53057"
},
{
"cve": "CVE-2025-53066",
"product_status": {
"known_affected": [
"T011169",
"T011128",
"T049460",
"T035098",
"T004914",
"703851",
"703852",
"T038840",
"T047966",
"T048979",
"T047923",
"T048978",
"T049626",
"T047965",
"T049625",
"T021415",
"T047924",
"T047968",
"T027879",
"T047925",
"T048255",
"398363",
"T047962",
"T047963",
"T049106",
"T049469",
"T047961",
"T037607",
"T045090",
"2951",
"T002207",
"444803",
"T019704",
"T027843",
"T049411",
"T049410",
"T026238",
"T048964",
"T049459",
"T048248",
"T048963",
"T048247",
"T008337",
"T048032",
"67646",
"T048031",
"T035670",
"T020304",
"T049409",
"T049203",
"T038839",
"T049470",
"T014765",
"T016984",
"T032255",
"T032495",
"T048745",
"T000126",
"580789",
"T048980"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-53066"
},
{
"cve": "CVE-2025-61748",
"product_status": {
"known_affected": [
"T011169",
"T011128",
"T049460",
"T035098",
"T004914",
"703851",
"703852",
"T038840",
"T047966",
"T048979",
"T047923",
"T048978",
"T049626",
"T047965",
"T049625",
"T021415",
"T047924",
"T047968",
"T027879",
"T047925",
"T048255",
"398363",
"T047962",
"T047963",
"T049106",
"T049469",
"T047961",
"T037607",
"T045090",
"2951",
"T002207",
"444803",
"T019704",
"T027843",
"T049411",
"T049410",
"T026238",
"T048964",
"T049459",
"T048248",
"T048963",
"T048247",
"T008337",
"T048032",
"67646",
"T048031",
"T035670",
"T020304",
"T049409",
"T049203",
"T038839",
"T049470",
"T014765",
"T016984",
"T032255",
"T032495",
"T048745",
"T000126",
"580789",
"T048980"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-61748"
},
{
"cve": "CVE-2025-61755",
"product_status": {
"known_affected": [
"T011169",
"T011128",
"T049460",
"T035098",
"T004914",
"703851",
"703852",
"T038840",
"T047966",
"T048979",
"T047923",
"T048978",
"T049626",
"T047965",
"T049625",
"T021415",
"T047924",
"T047968",
"T027879",
"T047925",
"T048255",
"398363",
"T047962",
"T047963",
"T049106",
"T049469",
"T047961",
"T037607",
"T045090",
"2951",
"T002207",
"444803",
"T019704",
"T027843",
"T049411",
"T049410",
"T026238",
"T048964",
"T049459",
"T048248",
"T048963",
"T048247",
"T008337",
"T048032",
"67646",
"T048031",
"T035670",
"T020304",
"T049409",
"T049203",
"T038839",
"T049470",
"T014765",
"T016984",
"T032255",
"T032495",
"T048745",
"T000126",
"580789",
"T048980"
]
},
"release_date": "2025-10-21T22:00:00.000+00:00",
"title": "CVE-2025-61755"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…