Vulnerability in Oracle Java SE affecting multiple versions
CVE-2025-30754

4.8MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Java Se; Oracle Graalvm For Jdk; Oracle Graalvm Enterprise Edition
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-30754?

A vulnerability exists in Oracle Java SE that allows unauthenticated attackers with network access via TLS to compromise Oracle Java. Exploitation can lead to unauthorized access to modify, insert, or delete Oracle Java SE data, as well as unauthorized reading of accessible data. Particularly affected are Java applications that use untrusted code through Java Web Start or applets. Trusted code deployments, such as those run on servers, are not impacted.

Affected Version(s)

Oracle GraalVM Enterprise Edition 21.3.14

Oracle GraalVM for JDK 17.0.15

Oracle GraalVM for JDK 21.0.7

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Mar 26, 2025