CVE-2025-61748
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-28
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | graalvm | 21.3.15 |
| oracle | graalvm_for_jdk | 21.0.8 |
| oracle | jdk | 21.0.8 |
| oracle | jdk | 25 |
| oracle | jre | 21.0.8 |
| oracle | jre | 25 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Libraries component of Oracle Java SE and Oracle GraalVM products. It is difficult to exploit, but it allows an unauthenticated attacker with network access via multiple protocols to compromise these products. A successful attack results in unauthorized update, insert, or delete access to some of the data these products can reach. The vulnerability can be exploited through APIs in the affected component, for example through a web service that supplies data to those APIs. It also applies to Java deployments that run sandboxed Java Web Start applications or applets, which load and run untrusted code and rely on the Java sandbox for security.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to modify data by unauthorized updates, inserts, or deletions in Oracle Java SE or Oracle GraalVM environments. This could lead to data integrity issues and potentially disrupt applications relying on these Java components. However, the vulnerability does not impact confidentiality or availability.