Networking Vulnerability in Oracle Java SE and GraalVM Products
CVE-2025-50059

8.6HIGH

Key Information:

Vendor: Oracle
Status: Oracle Java Se; Oracle Graalvm For Jdk; Oracle Graalvm Enterprise Edition
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-50059?

A networking vulnerability in Oracle's Java SE and GraalVM products allows unauthenticated attackers with network access to exploit the system via multiple protocols. This vulnerability is particularly concerning for Java deployments that run untrusted code, which may lead to unauthorized access to sensitive data. Successful exploitation could result in complete access to all data the affected products can access. This highlights the importance of securing Java environments, especially in scenarios where sandboxed applications are utilized.

Affected Version(s)

Oracle GraalVM Enterprise Edition 21.3.14

Oracle GraalVM for JDK 17.0.15

Oracle GraalVM for JDK 21.0.7

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Jun 11, 2025