CVE-2025-30749
Published: 15 July 2025
Summary
CVE-2025-30749 is a high-severity an unspecified weakness vulnerability in Oracle Jre. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 27.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-18 (Mobile Code).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-30749 by requiring identification, reporting, and timely patching of the flaw in the Oracle Java SE 2D component across affected versions.
Protects against exploitation in client deployments running sandboxed Java Web Start applications or applets by implementing safeguards for mobile code technologies loading untrusted internet code.
Enables proactive identification of systems with vulnerable Oracle Java SE, GraalVM for JDK, or Enterprise Edition versions through regular vulnerability scanning and risk-based remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox escape in client-side Java (applets/Web Start) directly enables client application exploitation for code execution and privilege escalation to full system compromise.
NVD Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK:…
more
17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Deeper analysisAI
CVE-2025-30749 is a vulnerability in the 2D component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1; Oracle GraalVM for JDK 17.0.15, 21.0.7, and 24.0.1; and Oracle GraalVM Enterprise Edition 21.3.14. The issue carries a CVSS 3.1 base score of 8.1 with vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impacts.
An unauthenticated attacker with network access via multiple protocols can exploit this difficult-to-exploit vulnerability (high attack complexity) to compromise the affected Java products, potentially resulting in full takeover. It specifically applies to Java deployments in clients running sandboxed Java Web Start applications or applets that load and run untrusted code from the internet while relying on the Java sandbox for security; it does not affect server deployments that load only trusted code installed by administrators.
Oracle's Critical Patch Update for July 2025 details the vulnerability and recommends applying the latest security patches to supported versions. Debian LTS announcements confirm backported fixes for affected packages in their repositories.
Details
- CWE(s)