CVE-2025-50059

High

Published: 15 July 2025

Published

15 July 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score 0.0014 33.9th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50059 is a high-severity Improper Access Control (CWE-284) vulnerability in Oracle Jre. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-18 (Mobile Code).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely remediation of known flaws like CVE-2025-50059 through patching the affected Oracle Java SE and GraalVM versions.

SC-18 Mobile Code good match

prevent

Addresses client-side Java deployments by enforcing policies for mobile code such as sandboxed Java Web Start applications and applets that load untrusted code from the internet.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables identification of vulnerable Java versions via scanning and monitoring, facilitating prompt detection and remediation of this networking vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Direct client-side Java sandbox bypass in applets/Web Start enables exploitation for client execution of untrusted code.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,…

21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Deeper analysisAI

CVE-2025-50059 is a vulnerability in the Networking component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1; Oracle GraalVM for JDK 17.0.15, 21.0.7, and 24.0.1; and Oracle GraalVM Enterprise Edition 21.3.14. The issue, associated with CWE-284 (Improper Access Control), carries a CVSS 3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), indicating high confidentiality impact with no integrity or availability effects.

An unauthenticated attacker with network access via multiple protocols can easily exploit this vulnerability to compromise the affected Java products. Successful exploitation grants unauthorized access to critical data or complete access to all data accessible by the Java SE, GraalVM for JDK, or GraalVM Enterprise Edition processes, with a scope change that may significantly impact additional products. The vulnerability specifically applies to client-side Java deployments, such as sandboxed Java Web Start applications or Java applets, that load and run untrusted code from the internet while relying on the Java sandbox for security; it does not affect server-side deployments that load only trusted code installed by administrators.

Oracle's Critical Patch Update for July 2025 (cpujul2025.html) details patches for the affected versions. Debian LTS announcements from July and August 2025 address the issue with backported fixes for relevant distributions. Security practitioners should apply these updates promptly to mitigate the risk.

Details

CWE(s): CWE-284

Affected Products

oracle

jre

1.8.0, 11.0.27, 17.0.15, 21.0.7, 24.0.1

oracle

jdk

1.8.0, 11.0.27, 17.0.15, 21.0.7, 24.0.1

oracle

graalvm for jdk

17.0.15, 21.0.7, 24.0.1

oracle

graalvm

21.3.14

CVEs Like This One

CVE-2026-21932Same product: Oracle Graalvm

CVE-2025-30749Same product: Oracle Graalvm

CVE-2025-50106Same product: Oracle Graalvm

CVE-2026-34282Same product: Oracle Graalvm

CVE-2026-21945Same product: Oracle Graalvm

CVE-2026-22016Same product: Oracle Graalvm

CVE-2026-22011Same vendor: Oracle

CVE-2025-50105Same vendor: Oracle

CVE-2026-34287Same vendor: Oracle

CVE-2026-35242Same vendor: Oracle

References

https://www.oracle.com/security-alerts/cpujul2025.html
Vendor Advisory · secalert_us@oracle.com
https://lists.debian.org/debian-lts-announce/2025/07/msg00011.html
af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2025/08/msg00014.html
af854a3a-2127-422b-91ae-364da2661108