Unauthenticated Network Vulnerability in Oracle Java SE and GraalVM
CVE-2025-30691

4.8 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 15 April 2025

Summary

This vulnerability in Oracle Java SE allows unauthenticated attackers with network access to exploit it over multiple protocols, potentially compromising sensitive data. Successful exploitation can lead to unauthorized updates, insertions, or deletions of data, as well as unauthorized read access to some data. The risk is heightened in environments that run sandboxed applications and rely on the Java security model, so organizations should address this issue promptly.

Affected Version(s)

Oracle Java SE 21.0.6

Oracle Java SE 24

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
