Oracle Java SE
cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*
- 21.0.8
- 25
A vulnerability has been identified in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically within the Libraries component. The affected versions include Oracle Java SE 21.0.8 and 25, Oracle GraalVM for JDK 21.0.8, and Oracle GraalVM Enterprise Edition 21.3.15. This vulnerability is difficult to exploit but allows an unauthenticated attacker with network access to compromise the affected Java environments. Successful exploitation could lead to unauthorized modification, addition, or deletion of accessible data. The vulnerability can be exploited through APIs in the Libraries component, such as via a web service that provides data to these APIs. It also affects Java deployments in clients running sandboxed Java Web Start applications or applets that load untrusted code from the internet and depend on the Java sandbox for security.
Exploitation of this vulnerability could result in unauthorized access to modify, insert, or delete certain data within the affected Java environments.