Oracle Java SE Compiler Vulnerability Allowing Unauthorized Data Access
Vulnerability
A vulnerability has been identified in the Compiler component of Oracle Java SE. The affected versions are Oracle Java SE 21.0.6 and 24, and Oracle GraalVM for JDK 21.0.6 and 24. It allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful exploitation could lead to unauthorized read access to certain data, as well as unauthorized update, insert, or delete access to some accessible data. The vulnerability can be exploited through APIs in the affected component, for example through a web service that supplies data to those APIs. It also affects Java deployments in clients running sandboxed Java Web Start applications or applets that load untrusted code from the internet and depend on the Java sandbox for security.
Impact
Successful exploitation could result in unauthorized read access to certain data, and unauthorized update, insert, or delete access to some data accessible to Oracle Java SE.
