CNNVD-202510-2684 Information

Oct 21, 2025 cve

CNNVD ID

CNNVD-202510-2684

CVE-2025-61748

  • CNNVD Published: 2025-10-21

Description (Chinese)

Oracle Java SE是美国甲骨文(Oracle)公司的一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。 Oracle Java SE的Oracle Java SE、Oracle GraalVM for JDK和Oracle GraalVM Enterprise Edition存在安全漏洞,该漏洞源于未经验证的攻击者可通过多种协议网络访问进行攻击,可能导致未经授权的数据更新、插入或删除。以下产品及版本受到影响:Oracle Java SE 21.0.8版本和25版本、Oracle GraalVM for JDK 21.0.8版本和Oracle GraalVM Enterprise Edition 21.3.15版本。

Description (English)

Oracle Java SE is a section of Oracle, United States, for the development and deployment of desktops, servers and Java applications embedded in equipment and real-time environments. Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition has a security gap, which stems from the fact that unverified assailants can attack through multiple protocol networks, which may lead to unauthorized data updating, insertion or deletion. The following products and versions have been affected: Oracle Java SE 21.0.8 and 25, Oracle GraalVM for JDK 21.0.8 and Oracle GraalVM Enterprise 21.3.15.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

甲骨文

Published

2025-10-21

Last Modified

2026-02-24

References

https://www.oracle.com/security-alerts/cpuoct2025.html

Patch

https://www.oracle.com/security-alerts/cpuoct2025.html

Share on: