CVE-2025-61755Missing Authorization in Corporation Oracle Graalvm FOR JDK

CWE-862Missing Authorization5 documents4 sources
Severity
3.7LOWNVD
EPSS
0.0%
top 91.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle Graalvm FOR JDKOracle Graalvm FOR JDK
Timeline
PublishedOct 21
Latest updateJan 15

Description

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentialit

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDoracle/graalvm17.0.16, 21.0.8+1
CVEListV5oracle_corporation/oracle_graalvm_for_jdk17.0.16, 21.0.8+1

🔴Vulnerability Details

2
GHSA
GHSA-67f6-jm34-mhv2: Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler)2025-10-21
CVEList
CVE-2025-61755: Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler)2025-10-21

📋Vendor Advisories

2
Oracle
Oracle Oracle Database Server Risk Matrix: GraalVM Multilingual Engine — CVE-2025-617552026-01-15
Oracle
Oracle Oracle Java SE Risk Matrix: Compiler — CVE-2025-617552025-10-15
CVE-2025-61755 — Missing Authorization | cvebase