Cyber Resilience

CVE-2025-30749

High

Published: 15 July 2025

Published
15 July 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0212 84.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30749 is a high-severity an unspecified weakness vulnerability in Oracle Jre. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-18 (Mobile Code).

Deeper analysis

CVE-2025-30749 is a vulnerability in the 2D component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected releases include Oracle Java SE versions 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1; GraalVM for JDK versions 17.0.15, 21.0.7, and 24.0.1; and GraalVM Enterprise Edition 21.3.14. The flaw carries a CVSS 3.1 base score of 8.1 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

An unauthenticated network attacker can exploit the issue over multiple protocols to achieve full takeover of affected Java runtimes. The vulnerability is relevant only to client-side deployments that execute untrusted code inside the Java sandbox, such as applets or Web Start applications loaded from the internet; server-side deployments that run only trusted code are unaffected. Successful exploitation requires the attacker to overcome high attack complexity.

Oracle addressed the issue in the July 2025 Critical Patch Update. Debian LTS advisories also reference the fix for supported distributions. The associated EPSS score has remained flat at 0.0212 with no observed increase after disclosure.

EU & UK References

Vulnerability details

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK:…

more

17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Sandbox escape in client-side Java (applets/Web Start) directly enables client application exploitation for code execution and privilege escalation to full system compromise.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-50106Same product: Oracle Graalvm
CVE-2025-50059Same product: Oracle Graalvm
CVE-2026-21932Same product: Oracle Graalvm
CVE-2026-21945Same product: Oracle Graalvm
CVE-2026-22016Same product: Oracle Graalvm
CVE-2026-34282Same product: Oracle Graalvm
CVE-2025-21532Same vendor: Oracle
CVE-2026-21955Same vendor: Oracle
CVE-2026-35243Same vendor: Oracle
CVE-2026-21957Same vendor: Oracle

Affected Assets

oracle
jre
1.8.0, 11.0.27, 17.0.15, 21.0.7, 24.0.1
oracle
jdk
1.8.0, 11.0.27, 17.0.15, 21.0.7, 24.0.1
oracle
graalvm for jdk
17.0.15, 21.0.7, 24.0.1
oracle
graalvm
21.3.14

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2025-30749 by requiring identification, reporting, and timely patching of the flaw in the Oracle Java SE 2D component across affected versions.

prevent

Protects against exploitation in client deployments running sandboxed Java Web Start applications or applets by implementing safeguards for mobile code technologies loading untrusted internet code.

detectrespond

Enables proactive identification of systems with vulnerable Oracle Java SE, GraalVM for JDK, or Enterprise Edition versions through regular vulnerability scanning and risk-based remediation.

References