Skip to main content

CVE-2025-30761: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. in Oracle Corporation Oracle Java SE

Medium
VulnerabilityCVE-2025-30761cvecve-2025-30761
Published: Tue Jul 15 2025 (07/15/2025, 20:49:26 UTC)
Source: CVE Database V5
Vendor/Project: Oracle Corporation
Product: Oracle Java SE

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

AI-Powered Analysis

AILast updated: 07/23/2025, 01:31:27 UTC

Technical Analysis

CVE-2025-30761 is a vulnerability affecting Oracle Java SE and Oracle GraalVM Enterprise Edition, specifically within the Scripting component. The affected versions include Oracle Java SE 8u451, 8u451-perf, and 11.0.27, as well as GraalVM Enterprise Edition 21.3.14. This vulnerability allows an unauthenticated attacker with network access to exploit multiple protocols to compromise the affected Java environments. The exploitation vector involves the use of APIs in the Scripting component, such as those exposed by web services that supply data to these APIs. Additionally, this vulnerability impacts Java deployments that run sandboxed Java Web Start applications or sandboxed Java applets which load and execute untrusted code, relying on the Java sandbox for security. The root cause is related to CWE-502, which involves deserialization of untrusted data, potentially leading to unauthorized code execution or manipulation of critical data. Successful exploitation can result in unauthorized creation, deletion, or modification of critical data accessible by Oracle Java SE or GraalVM Enterprise Edition. The CVSS 3.1 base score is 5.9, indicating a medium severity level, with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). The vulnerability is considered difficult to exploit due to the high attack complexity, but it does not require authentication or user interaction, increasing the risk surface for exposed systems. No known exploits are currently reported in the wild, and no official patches have been linked yet, emphasizing the need for proactive mitigation and monitoring.

Potential Impact

For European organizations, the impact of CVE-2025-30761 can be significant, especially for those relying heavily on Oracle Java SE and GraalVM Enterprise Edition in their enterprise applications, middleware, or cloud environments. The vulnerability allows unauthorized modification of critical data, which can lead to data integrity breaches, manipulation of business logic, or corruption of application state. This could disrupt business operations, cause financial loss, or damage reputation. Since the vulnerability affects sandboxed Java Web Start applications and applets that load untrusted code, organizations using legacy Java client applications or web services that integrate with external or third-party data sources are particularly at risk. The lack of confidentiality impact reduces the risk of data leakage but does not mitigate the serious consequences of data tampering. The medium severity score reflects the balance between the difficulty of exploitation and the potential damage. However, given the widespread use of Java in European financial institutions, government agencies, and critical infrastructure sectors, even a medium severity vulnerability can have outsized consequences if exploited. The absence of known exploits in the wild currently provides a window for remediation but should not lead to complacency.

Mitigation Recommendations

1. Immediate assessment of all Oracle Java SE and GraalVM Enterprise Edition deployments to identify affected versions (8u451, 8u451-perf, 11.0.27, and GraalVM 21.3.14). 2. Restrict network access to Java services exposing the vulnerable Scripting APIs, especially those accessible via multiple protocols, by implementing strict firewall rules and network segmentation. 3. Disable or restrict the use of Java Web Start applications and sandboxed applets that load untrusted code, or migrate to more secure application delivery mechanisms. 4. Implement input validation and sanitization on all data supplied to the vulnerable APIs to prevent exploitation via malicious payloads. 5. Monitor network traffic and application logs for unusual API calls or data manipulation attempts targeting the Scripting component. 6. Stay updated with Oracle’s security advisories for official patches or workarounds and apply them promptly once available. 7. Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions capable of detecting anomalous behavior related to Java scripting components. 8. Conduct security awareness training for developers and system administrators about the risks of deserialization vulnerabilities and secure coding practices to prevent similar issues.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
oracle
Date Reserved
2025-03-26T05:52:18.814Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6876c198a83201eaacd0caa5

Added to database: 7/15/2025, 9:01:12 PM

Last enriched: 7/23/2025, 1:31:27 AM

Last updated: 8/27/2025, 3:50:15 PM

Views: 34

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats