CNNVD-202510-2683 Information

Oct 21, 2025 cve

CNNVD ID

CNNVD-202510-2683

CVE-2025-53066

  • CNNVD Published: 2025-10-21

Description (Chinese)

Oracle Java SE是美国甲骨文(Oracle)公司的一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。 Oracle Java SE的Oracle Java SE、Oracle GraalVM for JDK和Oracle GraalVM Enterprise Edition存在安全漏洞,该漏洞源于未经验证的攻击者可通过多种协议网络访问进行攻击,可能导致关键数据未授权访问。以下产品及版本受到影响:Oracle Java SE 8u461版本、8u461-perf版本、11.0.28版本、17.0.16版本、21.0.8版本和25版本、Oracle GraalVM for JDK 17.0.16版本和21.0.8版本以及Oracle GraalVM Enterprise Edition 21.3.15版本。

Description (English)

Oracle Java SE is a section of Oracle, United States, for the development and deployment of desktops, servers and Java applications embedded in equipment and real-time environments. Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition has a security loophole, which stems from the fact that unverified attackers can attack through multiple protocol networks, which may lead to unauthorized access to key data. The following products and versions have been affected: Oracle Java SE 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8 and 25, Oracle GraalVM for JDK 17.0.16 and 21.0.8 and Oracle GraalVM Enterprise 21.3.15.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

甲骨文

Published

2025-10-21

Last Modified

2026-02-24

References

https://www.oracle.com/security-alerts/cpuoct2025.html

Patch

https://www.oracle.com/security-alerts/cpuoct2025.html

Share on: