CVE-2025-61748 — Improper Access Control in Corporation Oracle Graalvm Enterprise Edition
Severity
3.7LOWNVD
EPSS
0.0%
top 90.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 21
Latest updateDec 1
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successf…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4
Affected Packages6 packages
🔴Vulnerability Details
3CVEList▶
CVE-2025-61748: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2025-10-21
OSV▶
CVE-2025-61748: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2025-10-21
GHSA▶
GHSA-6ch4-24w6-v6jv: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2025-10-21