CVE-2025-30761
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-11-04
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | jre | 1.8.0 |
| oracle | jre | 11.0.27 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 11.0.27 |
| oracle | graalvm | 21.3.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Java SE and Oracle GraalVM Enterprise Edition products, specifically in the Scripting component. It is difficult to exploit but allows an unauthenticated attacker with network access via multiple protocols to compromise these products. The attacker can use APIs, such as those accessed through web services, to exploit the vulnerability. It also affects Java deployments running sandboxed Java Web Start applications or applets that load and run untrusted code relying on the Java sandbox for security. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical or accessible data.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to gain unauthorized access to create, delete, or modify critical data or any data accessible through Oracle Java SE or Oracle GraalVM Enterprise Edition. This could compromise the integrity of your data and potentially disrupt applications relying on these Java components.