This security advisory from Red Hat addresses multiple vulnerabilities in IBM Java SE 8 as packaged in Red Hat Enterprise Linux 8. The update to version 8 SR8-FP50 fixes four CVEs (CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50106). The vulnerabilities relate to issues categorized under CWE-122 (Heap-based Buffer Overflow) and CWE-325 (Missing Required Cryptographic Step). The advisory does not provide CVSS scores but classifies the impact as Important. The update is available for various architectures and must be applied following prior errata. No exploits are currently known in the wild. The vendor advisory does not explicitly state that the update has been released as a patch, but the presence of updated package versions and instructions to apply the update indicate that a fix is available.

The vulnerabilities fixed by this update affect IBM Java SE 8 runtime and development kit components on Red Hat Enterprise Linux 8. The impact is rated as Important by Red Hat, indicating these vulnerabilities could potentially allow security breaches if exploited. The specific CWEs suggest risks related to memory safety and cryptographic implementation. No known active exploitation has been reported. The update mitigates these risks by upgrading the affected packages to a fixed version.

Red Hat has released an updated version of the java-1.8.0-ibm package (version 1.8.0.8.50-1.el8_10) that addresses these vulnerabilities. Administrators should apply this update promptly after ensuring all previous relevant errata are installed. Detailed instructions for applying the update are available at https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation requires manual patching by system administrators. No additional mitigation steps are specified or required beyond applying the update.