CVE-2025-30752
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-08-04
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | graalvm_for_jdk | 24.0.1 |
| oracle | jdk | 24.0.1 |
| oracle | jre | 24.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle Java SE and Oracle GraalVM for JDK version 24.0.1, specifically in the Compiler component. It is difficult to exploit and allows an unauthenticated attacker with network access via multiple protocols to compromise these products. The vulnerability affects Java deployments that run untrusted code in sandboxed environments, such as Java Web Start applications or Java applets, relying on the Java sandbox for security. It does not affect server deployments that run only trusted code. Successful exploitation can cause a partial denial of service (partial DOS).
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to cause a partial denial of service (partial DOS) on Oracle Java SE or Oracle GraalVM for JDK. This means that the availability of the affected Java applications could be disrupted, potentially impacting the functionality of client-side Java applications that run untrusted code.