CVE-2025-61755

EUVD-2025-35254

21.10.2025, 20:20

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and  21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
oracle	CNA	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
oracle	graalvm_for_jdk	17.0.16
oracle	graalvm_for_jdk	21.0.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

https://www.oracle.com/security-alerts/cpuoct2025.html