CVE-2025-30749
CVE Reference: CVE-2025-30749 - Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability via Untrusted Code Execution
Impacted Versions:
- Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1
- Oracle GraalVM for JDK: 17.0.15, 21.0.7, 24.0.1
- Oracle GraalVM Enterprise Edition: 21.3.14
Recommended Action: No immediate action required for customers. Updates will be provided in future software releases when OpenJDK security patches become available.
Risks Taken: Proceeding with the release despite the presence of a CVE. Risk is assessed as low due to server-side deployment with trusted code only. The vulnerability specifically targets the 2D component (Java UI), which is not used in our server applications.
Remediation: Upstream vulnerability in OpenJDK base - no immediate action available until the vendor provides a fix.
CVE-2025-50059
CVE Reference: CVE-2025-50059 - Oracle Java SE and GraalVM Networking Vulnerability Allows Unauthenticated Remote Access to Sensitive Data
Impacted Versions:
- Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1
- Oracle GraalVM for JDK: 17.0.15, 21.0.7, 24.0.1
- Oracle GraalVM Enterprise Edition: 21.3.14
Recommended Action: No immediate action required for customers. Updates will be provided in future software releases when OpenJDK security patches become available.
Risks Taken: Proceeding with the release despite the presence of a CVE. Risk is assessed as low due to server-side deployment with trusted code only.
Remediation: Upstream vulnerability in OpenJDK base - no immediate action available until the vendor provides a fix.
CVE-2025-50106
CVE Reference: CVE-2025-50106 - Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability via Untrusted API Data
Impacted Versions:
- Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1
- Oracle GraalVM for JDK: 17.0.15, 21.0.7, 24.0.1
- Oracle GraalVM Enterprise Edition: 21.3.14
Recommended Action: No immediate action required for customers. Updates will be provided in future software releases when OpenJDK security patches become available.
Risks Taken: Proceeding with the release despite the presence of a CVE. Risk is assessed as low because the vulnerability affects the 2D component (Java UI functionality), which is not utilised by our server-side applications.
Remediation: Upstream vulnerability in OpenJDK base - no immediate action available until the vendor provides a fix.
Comments
0 comments
Please sign in to leave a comment.