CVE-2025-30698 is a vulnerability in the 2D component of Oracle Java SE and Oracle GraalVM products, including Oracle Java SE versions 8u441, 11.0.26, 17.0.14, 21.0.6, and 24, as well as Oracle GraalVM for JDK and Enterprise Edition versions 20.3.17 and 21.3.13. The flaw allows an unauthenticated attacker with network access to exploit multiple protocols to compromise the affected Java runtimes. The vulnerability arises from improper access control (CWE-284) in the Java sandbox environment, which is designed to isolate untrusted code such as Java Web Start applications or applets loaded from the internet. Successful exploitation can lead to unauthorized read and write operations on accessible data within the Java environment, including update, insert, or delete actions, and can also cause a partial denial of service. The vulnerability does not affect server-side Java deployments that only run trusted code installed by administrators. The attack complexity is high, requiring network access but no authentication or user interaction. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) indicates network attack vector, high attack complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. No public exploits or patches are currently available, but affected organizations should monitor Oracle advisories closely and prepare to apply updates once released.

For European organizations, this vulnerability poses a risk primarily to client-side Java applications that load untrusted code, such as legacy Java Web Start applications or sandboxed applets used in internal or partner-facing tools. Exploitation could lead to unauthorized data manipulation or disclosure within the Java runtime environment, potentially compromising sensitive data or application integrity. Partial denial of service could disrupt business operations relying on Java clients. Although the impact is limited compared to server-side vulnerabilities, organizations in sectors with heavy Java client usage—such as financial services, manufacturing, and government—may face operational risks. The difficulty of exploitation and lack of known active exploits reduce immediate threat levels, but the widespread use of Oracle Java SE and GraalVM in Europe means many endpoints could be vulnerable if exposed to untrusted networks. This is especially relevant for organizations that have not yet migrated away from Java Web Start or applets and still rely on these technologies for legacy applications.

Organizations should inventory their use of Oracle Java SE and GraalVM versions to identify affected deployments, focusing on client-side environments running sandboxed Java Web Start applications or applets. Immediate mitigation includes restricting network access to these Java clients, especially blocking untrusted or internet-facing network traffic to prevent exploitation. Administrators should disable or remove Java Web Start and applet support where possible, migrating legacy applications to modern, supported technologies. Applying Oracle security patches promptly once available is critical. Additionally, implementing network segmentation and endpoint protection can reduce exposure. Monitoring network traffic for unusual protocol activity targeting Java clients can help detect attempted exploitation. Educating users about the risks of running untrusted Java code and enforcing strict code signing policies will further reduce risk. Finally, organizations should review and harden Java sandbox configurations to limit the potential impact of any exploitation.