CVE-2025-50059
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-11-03
Assigner: Oracle
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | jre | 1.8.0 |
| oracle | jre | 11.0.27 |
| oracle | jre | 17.0.15 |
| oracle | jre | 21.0.7 |
| oracle | jre | 24.0.1 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 11.0.27 |
| oracle | jdk | 17.0.15 |
| oracle | jdk | 21.0.7 |
| oracle | jdk | 24.0.1 |
| oracle | graalvm_for_jdk | 17.0.15 |
| oracle | graalvm_for_jdk | 21.0.7 |
| oracle | graalvm_for_jdk | 24.0.1 |
| oracle | graalvm | 21.3.14 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition in their networking components. It allows an unauthenticated attacker with network access via multiple protocols to compromise these products by exploiting a flaw in the Java sandbox security model. The vulnerability mainly impacts Java deployments that run untrusted code, such as sandboxed Java Web Start applications or applets that load code from the internet. Successful exploitation can lead to unauthorized access to critical or all accessible data within these Java environments.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to gain unauthorized access to critical data or even complete access to all data accessible by Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. This can lead to significant data breaches or compromise of sensitive information, especially in environments where untrusted code is run within the Java sandbox.