File Access Vulnerability in the Default JVM on Cloud Instances
CVE-2025-11919

Currently unrated

Key Information:

Vendor: Wolfram Research Inc.
Status: Cloud
Vendor: CVE Published:; 26 June 2026

🔔 Create Wolfram Research Inc. Vulnerability Alert

What is CVE-2025-11919?

The default Java Virtual Machine (JVM) is susceptible to a file access vulnerability that allows unauthorized users on the same cloud instance to access files and directories located in /tmp/. An attacker exploiting this flaw could create or replace .jar files within the shared temporary directory, which the JVM references during startup. By strategically placing a malicious library file before the legitimate version in the classpath, the attacker can cause the JVM to load the malicious code, potentially compromising the integrity of the application running on the affected instance.

Affected Version(s)

Cloud 14.2

References

https://github.com/PeterRoberge/vulnerability-wolfram-clo...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Oct 17, 2025

CVE-2025-11919 Data

JSON