Vulnerability in Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and  24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as  unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 23 Jun 2025 18:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Netapp Netapp bootstrap Os Netapp hci Compute Node Oracle Oracle graalvm For Jdk Oracle jdk Oracle jre | |
| CPEs | cpe:2.3:a:oracle:graalvm_for_jdk:21.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:24:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:21.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:24:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:21.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:24:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* | |
| Vendors & Products | Netapp Netapp bootstrap Os Netapp hci Compute Node Oracle Oracle graalvm For Jdk Oracle jdk Oracle jre | 
Wed, 14 May 2025 03:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:/o:redhat:enterprise_linux:10.0 | 
Sat, 19 Apr 2025 01:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Thu, 17 Apr 2025 05:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Redhat openjdk Redhat openjdk Els Redhat rhel Els | |
| CPEs | cpe:/a:redhat:openjdk:1.8 cpe:/a:redhat:openjdk:1.8::windows cpe:/a:redhat:openjdk:11 cpe:/a:redhat:openjdk:11::windows cpe:/a:redhat:openjdk:17 cpe:/a:redhat:openjdk:17::windows cpe:/a:redhat:openjdk:21 cpe:/a:redhat:openjdk:21::windows cpe:/a:redhat:openjdk_els:11::el7 cpe:/a:redhat:openjdk_els:11::el8 cpe:/a:redhat:openjdk_els:11::el9 cpe:/a:redhat:rhel_aus:8.2 cpe:/o:redhat:rhel_els:7 | |
| Vendors & Products | Redhat openjdk Redhat openjdk Els Redhat rhel Els | 
Wed, 16 Apr 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | CWE-284 | |
| Metrics | ssvc 
 | 
Wed, 16 Apr 2025 14:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Title | openjdk: Improve compiler transformations (Oracle CPU 2025-04) | |
| First Time appeared | Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus | |
| Weaknesses | CWE-120 | |
| CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 | |
| Vendors & Products | Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus | |
| References |  | |
| Metrics | threat_severity 
 | threat_severity 
 | 
Tue, 15 Apr 2025 20:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: oracle
Published: 2025-04-15T20:31:03.084Z
Updated: 2025-04-19T00:11:10.891Z
Reserved: 2025-03-25T20:11:18.262Z
Link: CVE-2025-30691
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-04-19T00:11:10.891Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2025-04-15T21:15:58.360
Modified: 2025-06-23T17:54:13.107
Link: CVE-2025-30691
 Redhat
                        Redhat