
CVE-2025-61748: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. in Oracle Corporation Oracle Java SE

0
Low
Vulnerability | CVE-2025-61748 | cve | cve-2025-61748
Published: Tue Oct 21 2025 (10/21/2025, 20:03:08 UTC)
Source: CVE Database V5
Vendor/Project: Oracle Corporation
Product: Oracle Java SE

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

AI-Powered Analysis

Last updated: 10/28/2025, 21:17:55 UTC

Technical Analysis

CVE-2025-61748 is a vulnerability identified in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically impacting versions 21.0.8 and 25 for Java SE, 21.0.8 for GraalVM for JDK, and 21.3.15 for GraalVM Enterprise Edition. The flaw resides in the Libraries component and can be exploited remotely by an unauthenticated attacker with network access via multiple protocols. The attack vector involves leveraging APIs exposed by the affected components, such as web services that supply data to these APIs. The vulnerability allows unauthorized modification actions—update, insert, or delete—on data accessible through these APIs. This is particularly relevant for Java deployments running sandboxed Java Web Start applications or sandboxed Java applets that load untrusted code from the internet and rely on the Java sandbox for security. The vulnerability does not affect confidentiality or availability but impacts data integrity. Exploitation is considered difficult due to high attack complexity, and no privileges or user interaction are required. The CVSS 3.1 base score is 3.7, reflecting a low severity primarily due to the limited impact and exploitation difficulty. No public exploits or active exploitation in the wild have been reported. The underlying weakness aligns with CWE-284 (Improper Access Control), indicating insufficient enforcement of access controls on the affected APIs.

Potential Impact

For European organizations, the primary impact of CVE-2025-61748 lies in the potential unauthorized modification of data within Oracle Java SE and GraalVM environments. This could affect applications relying on these Java runtimes, especially those exposing APIs or running sandboxed Java Web Start applications or applets that process untrusted code. While confidentiality and availability remain intact, integrity breaches could lead to data corruption, unauthorized transactions, or manipulation of application state, potentially undermining trust in critical business processes. Organizations in sectors such as finance, government, and critical infrastructure that use Oracle Java technologies extensively may face risks of data tampering. However, the difficulty of exploitation and lack of known active exploits reduce immediate threat levels. Still, the presence of network access as an attack vector means that exposed services or APIs could be targeted if not properly secured. The impact is more pronounced in environments where Java applications handle sensitive or regulated data and where integrity is paramount for compliance and operational reliability.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Identify and inventory all Oracle Java SE and GraalVM deployments, focusing on versions 21.0.8 and 25 for Java SE and the corresponding GraalVM versions.
2) Restrict network access to APIs exposed by these Java runtimes, especially those accessible over multiple protocols, using network segmentation, firewalls, and access control lists to limit exposure.
3) Apply strict input validation and enforce robust access controls on APIs to prevent unauthorized data modification.
4) Where possible, disable or limit the use of Java Web Start applications and sandboxed applets that load untrusted code, or migrate to more secure deployment models.
5) Monitor logs and network traffic for unusual update, insert, or delete operations on Java-accessible data stores.
6) Stay updated with Oracle security advisories for patches or workarounds, and plan timely patching once available.
7) Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) tools to detect anomalous behavior related to Java processes.
8) Educate developers and administrators about the risks of loading untrusted code in Java sandboxes and encourage secure coding practices to minimize attack surface.
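The inventory step above is the one that can be scripted. The helper below is an added example, not part of this advisory and not Oracle code: it parses the banner that `java -version` prints (to stderr) and flags a runtime whose version string exactly matches one the advisory names as affected. The `AFFECTED` table is taken from the advisory text; every sample banner is constructed here, and the lines that identify GraalVM builds by their "Oracle GraalVM ..." / "GraalVM EE ..." runtime banner are an assumption about that output format rather than something the advisory states.

```python
"""Inventory helper for the versions this advisory lists as affected.

Added example (not from the advisory, not Oracle code).  Parses the
`java -version` banner and reports whether the runtime's version is one
the advisory names.  All sample banners are constructed; the GraalVM
banner formats are assumptions.
"""
import re
import shutil
import subprocess
from typing import Optional

# Versions the advisory names as affected, keyed by product name.
AFFECTED = {
    "Oracle Java SE": {"21.0.8", "25"},
    "Oracle GraalVM for JDK": {"21.0.8"},
    "Oracle GraalVM Enterprise Edition": {"21.3.15"},
}

# First banner line, e.g.  java version "21.0.8" 2025-07-15 LTS
JDK_VERSION_RE = re.compile(r'^(?:java|openjdk) version "([^"]+)"', re.M)
# Assumed: GraalVM builds name themselves in the Runtime Environment line,
# e.g. "Oracle GraalVM 21.0.8+12.1" or "GraalVM EE 21.3.15".
GRAAL_VERSION_RE = re.compile(r"GraalVM (?:EE |CE )?(\d+(?:\.\d+)*)")


def classify_product(output: str) -> str:
    """Map a banner to one of the advisory's product names, or 'Other JDK'."""
    if "GraalVM EE" in output:
        return "Oracle GraalVM Enterprise Edition"
    if "GraalVM" in output:
        return "Oracle GraalVM for JDK"
    if "Java(TM) SE" in output:  # Oracle's own JDK builds print this
        return "Oracle Java SE"
    return "Other JDK"


def parse_version(output: str, product: str) -> Optional[str]:
    """Return the version string the advisory compares against for this product."""
    regex = GRAAL_VERSION_RE if product.startswith("Oracle GraalVM") else JDK_VERSION_RE
    match = regex.search(output)
    return match.group(1) if match else None


def check_output(output: str) -> dict:
    """Classify one `java -version` banner.

    'affected' is True/False for products the advisory names and None for
    runtimes it does not cover (check that distributor's advisory instead).
    """
    product = classify_product(output)
    version = parse_version(output, product)
    if product not in AFFECTED or version is None:
        affected = None
    else:
        affected = version in AFFECTED[product]
    return {"product": product, "version": version, "affected": affected}


def check_local_java(exe: Optional[str] = None) -> Optional[dict]:
    """Run `java -version` for the given (or PATH) java binary and classify it."""
    exe = exe or shutil.which("java")
    if exe is None:
        return None
    proc = subprocess.run([exe, "-version"], capture_output=True, text=True)
    return check_output(proc.stderr + proc.stdout)  # banner goes to stderr


# Constructed sample banners (not captured from real systems).
SAMPLES = {
    "oracle_jdk_21": (
        'java version "21.0.8" 2025-07-15 LTS\n'
        "Java(TM) SE Runtime Environment (build 21.0.8+12-LTS-250)\n"
        "Java HotSpot(TM) 64-Bit Server VM (build 21.0.8+12-LTS-250, mixed mode, sharing)\n"
    ),
    "oracle_jdk_25": (
        'java version "25" 2025-09-16 LTS\n'
        "Java(TM) SE Runtime Environment (build 25+36-LTS-3489)\n"
    ),
    # A non-Oracle OpenJDK build: not a product this advisory names.
    "temurin_21": (
        'openjdk version "21.0.8" 2025-07-15 LTS\n'
        "OpenJDK Runtime Environment Temurin-21.0.8+9 (build 21.0.8+9-LTS)\n"
    ),
    # Assumed banner format for Oracle GraalVM for JDK.
    "graalvm_jdk_21": (
        'java version "21.0.8" 2025-07-15 LTS\n'
        "Java(TM) SE Runtime Environment Oracle GraalVM 21.0.8+12.1 (build 21.0.8+12-LTS)\n"
    ),
    # Assumed banner format for GraalVM Enterprise Edition (JDK version is constructed).
    "graalvm_ee": (
        'java version "17.0.13" 2024-10-15 LTS\n'
        "Java(TM) SE Runtime Environment GraalVM EE 21.3.15 (build 17.0.13+10-LTS)\n"
    ),
}

if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(f"{name}: {check_output(banner)}")
    print("local java:", check_local_java())
```

The check is an exact match against the versions the advisory lists, so a result of `False` only means "not a version named here"; whether a newer or older update is fixed has to be read from Oracle's own advisory tables (mitigation step 6). `None` marks runtimes the advisory does not cover at all, such as a third-party OpenJDK build, which need their distributor's guidance. To inventory a fleet, point `check_local_java` at every java binary you find under known install roots rather than only the one on `PATH`.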


Technical Details

Data Version: 5.1
Assigner Short Name: oracle
Date Reserved: 2025-09-30T19:21:55.554Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68f7e96f01721c03c6f13e4c

Added to database: 10/21/2025, 8:13:35 PM

Last enriched: 10/28/2025, 9:17:55 PM

Last updated: 10/29/2025, 8:18:24 PM

Views: 84

