CVE-2025-61755

21.10.2025, 20:20

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
oracle	CNA	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
oracle	graalvm_for_jdk	17.0.16
oracle	graalvm_for_jdk	21.0.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Vulnerability Media Exposure

[GERMAN] Oracle Java SE: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Published: 2025-10-21T22:00:00+00:00

References

https://www.oracle.com/security-alerts/cpuoct2025.html