Oracle Java SE and GraalVM Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The affected releases are Oracle Java SE 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, and 25.0.1; Oracle GraalVM for JDK 17.0.17 and 21.0.9; and Oracle GraalVM Enterprise Edition 21.3.16. An unauthenticated attacker with network access can trigger it without any credentials; "compromise" here means availability only, not code execution or data access. The deployment scenario Oracle describes is a client running sandboxed Java Web Start applications or sandboxed applets that load and run untrusted code from the internet and rely on the Java sandbox for security. Java Web Start and the browser plugin ship only with the Java SE 8 line, so that scenario applies to the 8u471 builds; the later release lines and GraalVM are affected through the same component rather than through browser-delivered code. Successful exploitation causes a complete denial of service: the JVM hangs, or crashes in a way the attacker can reproduce at will.
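To check a host against the release list above, the Python script below (an added example for this page, not Oracle's code) parses the text that `java -version` prints and reports whether the installed release is one of the listed affected versions, older than it, or newer. The line formats it expects, the use of the word "GraalVM" in the runtime line to recognise Oracle GraalVM for JDK, and the sample outputs embedded in `SAMPLES` (with made-up build numbers) are assumptions; GraalVM Enterprise Edition 21.3.16 reports its version on a different line and is not handled here.

```python
"""Compare `java -version` output with the affected releases listed on this page."""
import re
import subprocess

# Affected releases as listed on the page, keyed by product.
# Java SE 8 is stored as (8, update); 9 and later as (feature, interim, update).
AFFECTED = {
    "Oracle Java SE": {(8, 471), (11, 0, 29), (17, 0, 17), (21, 0, 9), (25, 0, 1)},
    "Oracle GraalVM for JDK": {(17, 0, 17), (21, 0, 9)},
}

# Assumed formats of the first output line:
#   java version "1.8.0_471"            -> (8, 471)
#   java version "21.0.9" 2025-10-21 LTS -> (21, 0, 9)
_V8 = re.compile(r'version "1\.8\.0_(\d+)')
_V9 = re.compile(r'version "(\d+)\.(\d+)\.(\d+)')

# Constructed sample outputs (build strings are invented for illustration).
SAMPLES = {
    "jdk8": 'java version "1.8.0_471"\n'
            'Java(TM) SE Runtime Environment (build 1.8.0_471-b08)\n'
            'Java HotSpot(TM) 64-Bit Server VM (build 25.471-b08, mixed mode)',
    "jdk8_old": 'java version "1.8.0_461"\n'
                'Java(TM) SE Runtime Environment (build 1.8.0_461-b08)',
    "graal21": 'java version "21.0.9" 2025-10-21 LTS\n'
               'Java(TM) SE Runtime Environment Oracle GraalVM 21.0.9+7.1 '
               '(build 21.0.9+7-LTS-jvmci-23.1-b33)',
    "jdk17_newer": 'java version "17.0.18" 2026-01-20 LTS\n'
                   'Java(TM) SE Runtime Environment (build 17.0.18+9-LTS-123)',
}


def fmt(v):
    """Render a version tuple the way Oracle writes it (8u471, 17.0.17)."""
    return f"8u{v[1]}" if v[0] == 8 else ".".join(map(str, v))


def parse_java_version(output: str):
    """Return (product, version_tuple) for the text `java -version` prints."""
    lines = output.strip().splitlines()
    if not lines:
        raise ValueError("empty output")
    first, rest = lines[0], " ".join(lines[1:])
    m = _V8.search(first)
    if m:
        version = (8, int(m.group(1)))
    else:
        m = _V9.search(first)
        if not m:
            raise ValueError(f"unrecognised version line: {first!r}")
        version = tuple(int(g) for g in m.groups())
    # Product detection (assumption): Oracle GraalVM for JDK names itself
    # "GraalVM" in the runtime line and also says "Java(TM) SE", so test
    # for GraalVM first; plain Oracle Java SE says only "Java(TM) SE".
    if "GraalVM" in rest:
        product = "Oracle GraalVM for JDK"
    elif "Java(TM) SE" in rest:
        product = "Oracle Java SE"
    else:
        product = "OpenJDK or other vendor build"
    return product, version


def assess(output: str) -> str:
    """Classify the installed release against the page's affected list."""
    product, version = parse_java_version(output)
    listed = AFFECTED.get(product)
    if listed is None:
        return f"{product} {fmt(version)}: not covered by this entry"
    if version in listed:
        return f"{product} {fmt(version)}: listed as affected"
    same_line = [v for v in listed if v[0] == version[0]]
    if not same_line:
        return f"{product} {fmt(version)}: release line not listed"
    newest = max(same_line)
    if version < newest:
        # The fix ships after the listed release, so an older build cannot
        # contain it; treat it as affected unless Oracle states otherwise.
        return (f"{product} {fmt(version)}: older than listed affected release "
                f"{fmt(newest)}; predates the fix")
    return f"{product} {fmt(version)}: newer than listed affected release {fmt(newest)}"


def check_local_java() -> str:
    """Run the local `java -version` (it prints to stderr) and assess it."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return "java not found on PATH"
    return assess(proc.stderr or proc.stdout)


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:12s} {assess(text)}")
    print("local        " + check_local_java())
```

Run it on a fleet by feeding each host's `java -version` output to `assess`; a "listed as affected" or "predates the fix" result means the host needs the update that follows the listed release.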

Impact

Successful exploitation results in a complete denial of service: the affected Java environment hangs, or crashes in a way that can be reproduced repeatedly. No compromise of confidentiality or integrity is described for this vulnerability.

Added: Jan 20, 2026, 11:08 PM
Updated: Jan 20, 2026, 11:08 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.