Cyber Posture

CVE-2025-50106

High

Published: 15 July 2025

Published
15 July 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0028 51.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-50106 is a high-severity an unspecified weakness vulnerability in Oracle Jre. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly addresses the vulnerability by requiring identification, reporting, and correction of the specific flaw in the Java 2D component through timely application of Oracle Critical Patch Update patches.

RA-5 Vulnerability Monitoring and Scanning good match
detectrespond

Scans for and detects vulnerable versions of Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition affected by this 2D vulnerability, enabling prioritized remediation within defined risk-based timeframes.

SC-18 Mobile Code partial match
prevent

Prevents exploitation vectors involving sandboxed Java Web Start applications or applets loading untrusted code from the internet by enforcing organizational policy on mobile code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Vulnerability enables remote exploitation of Java 2D APIs (via web services or untrusted applet/Web Start code) leading to full product takeover, directly mapping to public-facing app exploitation, client-side execution, and privilege escalation/sandbox escape.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK:…

more

17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Deeper analysisAI

CVE-2025-50106 is a vulnerability in the 2D component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. Affected versions include Oracle Java SE 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1; Oracle GraalVM for JDK 17.0.15, 21.0.7, and 24.0.1; and Oracle GraalVM Enterprise Edition 21.3.14. Published on 2025-07-15, it carries a CVSS 3.1 Base Score of 8.1 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impacts.

An unauthenticated attacker with network access via multiple protocols can exploit this difficult-to-exploit vulnerability (high attack complexity). Exploitation is possible by using APIs in the 2D component, such as through a web service supplying data to the APIs. It also applies to Java deployments like clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code from the internet while relying on the Java sandbox for security. Successful attacks result in takeover of the affected Oracle Java SE, GraalVM for JDK, or GraalVM Enterprise Edition products.

Mitigation details are provided in the Oracle Critical Patch Update for July 2025 and Debian LTS announcements, including patches for supported versions. Security practitioners should apply these updates promptly to affected systems.

Details

CWE(s)
NVD-CWE-noinfo

Affected Products

oracle
jre
1.8.0, 11.0.27, 17.0.15, 21.0.7, 24.0.1
oracle
jdk
1.8.0, 11.0.27, 17.0.15, 21.0.7, 24.0.1
oracle
graalvm for jdk
17.0.15, 21.0.7, 24.0.1
oracle
graalvm
21.3.14

CVEs Like This One

CVE-2025-30749Same product: Oracle Graalvm
CVE-2026-22016Same product: Oracle Graalvm
CVE-2025-50059Same product: Oracle Graalvm
CVE-2026-21932Same product: Oracle Graalvm
CVE-2026-34282Same product: Oracle Graalvm
CVE-2026-21945Same product: Oracle Graalvm
CVE-2025-21556Same vendor: Oracle
CVE-2025-30751Same vendor: Oracle
CVE-2026-22011Same vendor: Oracle
CVE-2026-34309Same vendor: Oracle

References