CVE-2025-53057
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-11-03
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | graalvm | 21.3.15 |
| oracle | graalvm_for_jdk | 17.0.16 |
| oracle | graalvm_for_jdk | 21.0.8 |
| oracle | jdk | 1.8.0 |
| oracle | jdk | 11.0.28 |
| oracle | jdk | 17.0.16 |
| oracle | jdk | 21.0.8 |
| oracle | jdk | 25 |
| oracle | jre | 1.8.0 |
| oracle | jre | 11.0.28 |
| oracle | jre | 17.0.16 |
| oracle | jre | 21.0.8 |
| oracle | jre | 25 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. It is a difficult-to-exploit issue that allows an unauthenticated attacker with network access via multiple protocols to compromise these products. The attacker can exploit the vulnerability through APIs, such as those accessed through web services. It also affects Java deployments running sandboxed Java Web Start applications or applets that load and run untrusted code and rely on the Java sandbox for security. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical or accessible data.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to gain unauthorized access to create, delete, or modify critical data within Oracle Java SE, Oracle GraalVM for JDK, or Oracle GraalVM Enterprise Edition environments. This could compromise the integrity of data and potentially disrupt applications relying on these Java platforms.