Oracle Java SE and GraalVM AWT/JavaFX Component Vulnerability Allowing Unauthorized Data Modification

Vulnerability

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition, specifically within the AWT and JavaFX components. Affected versions include Oracle Java SE 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, and 25.0.1, as well as Oracle GraalVM for JDK versions 17.0.17 and 21.0.9, and Oracle GraalVM Enterprise Edition 21.3.16. This vulnerability allows an unauthenticated attacker with network access to compromise the affected Java environments, particularly in client-side deployments that use sandboxed Java Web Start applications or applets loading untrusted code from the internet. Exploitation requires human interaction from a third party, and while the vulnerability is contained within the Java environments, it could significantly impact other products. Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data, or any data accessible through the affected Java environments.

Impact

Exploitation of this vulnerability could result in unauthorized creation, deletion, or modification of critical data, or of any data accessible through the affected Java environments.

Added: Jan 20, 2026, 11:26 PM
Updated: Jan 20, 2026, 11:26 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 10.0
exploitability: 3.8
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.