Vulnerability in Oracle Java SE and GraalVM Products
CVE-2025-30698

5.6 MEDIUM

What is CVE-2025-30698?

A vulnerability exists in Oracle Java SE and GraalVM products that allows unauthenticated attackers with network access to exploit the system via multiple protocols. Successful exploitation can lead to unauthorized data manipulation, including updates, inserts, and deletions, as well as unauthorized reading of sensitive information. The vulnerability primarily affects Java deployments in client environments, such as sandboxed Java Web Start applications and applets that run untrusted code from the internet and rely on the Java sandbox for security. It does not affect server deployments running only trusted code.

Affected Version(s)

Oracle GraalVM Enterprise Edition 20.3.17

Oracle GraalVM Enterprise Edition 21.3.13

Oracle GraalVM for JDK 17.0.14

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
