CVE-2025-21502

CVE-2025-21502 is a vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition that allows an unauthenticated attacker with network access via multiple protocols to compromise these systems. Successful attacks can result in unauthorized update, insert or delete access to some accessible data as well as unauthorized read access to a subset of accessible data.


Description Preview

This vulnerability, identified as CVE-2025-21502, affects multiple versions of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The vulnerability is difficult to exploit but allows an unauthenticated attacker with network access via multiple protocols to compromise these systems. Successful attacks can result in unauthorized update, insert or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Overview

The vulnerability affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions are Oracle Java SE 8u431-perf, 11.0.25, 17.0.13, 21.0.5 and 23.0.1; Oracle GraalVM for JDK 17.0.13, 21.0.5 and 23.0.1; and Oracle GraalVM Enterprise Edition 20.3.16 and 21.3.12. The vulnerability has a CVSS 3.1 Base Score of 4.8, which corresponds to medium severity.

Remediation

As of now, no specific remediation has been provided for this vulnerability. Users are advised to monitor the official Oracle website and other trusted sources for any updates or patches released to address it.

References

  1. Oracle Advisory: https://www.oracle.com/security-alerts/cpujan2025.html
  2. Netapp Security Advisory: https://security.netapp.com/advisory/ntap-20250124-0009/
  3. Openwall: http://www.openwall.com/lists/oss-security/2025/01/25/6
  4. Debian LTS Announcement: https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html
  5. Debian LTS Announcement: https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Public Administration
  4. Finance and Insurance
  5. Transportation & Warehousing
  6. Educational Services
  7. Professional, Scientific, & Technical Services
  8. Retail Trade
  9. Other Services (except Public Administration)
  10. Utilities
  11. Management of Companies & Enterprises
  12. Arts, Entertainment & Recreation
  13. Information
  14. Accommodation & Food Services
  15. Real Estate Rental & Leasing
  16. Agriculture, Forestry, Fishing & Hunting
  17. Construction
  18. Mining
  19. Wholesale Trade
  20. Administrative, Support, Waste Management & Remediation Services

Armis Vulnerability Intelligence Database