CVE-2025-50106
Published: 15 July 2025
Summary
CVE-2025-50106 is a high-severity an unspecified weakness vulnerability in Oracle Jre. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-50106 is a vulnerability in the 2D component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. It affects Oracle Java SE versions 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, and 24.0.1, along with corresponding GraalVM for JDK releases 17.0.15, 21.0.7, and 24.0.1, and GraalVM Enterprise Edition 21.3.14. The flaw carries a CVSS 3.1 base score of 8.1 with impacts to confidentiality, integrity, and availability.
An unauthenticated attacker with network access via multiple protocols can exploit the issue, though doing so is rated difficult. Successful exploitation grants full takeover of the affected Java runtime. The vulnerability can be reached through APIs that supply data to the 2D component or by loading untrusted code in sandboxed Java Web Start applications or applets that rely on the Java security sandbox.
Oracle's July 2025 Critical Patch Update and subsequent Debian LTS advisories address the flaw through updated Java packages. The EPSS score remains flat at 0.0101 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21474
Vulnerability details
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK:…
more
17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote exploitation of Java 2D APIs (via web services or untrusted applet/Web Start code) leading to full product takeover, directly mapping to public-facing app exploitation, client-side execution, and privilege escalation/sandbox escape.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the vulnerability by requiring identification, reporting, and correction of the specific flaw in the Java 2D component through timely application of Oracle Critical Patch Update patches.
Scans for and detects vulnerable versions of Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition affected by this 2D vulnerability, enabling prioritized remediation within defined risk-based timeframes.
Prevents exploitation vectors involving sandboxed Java Web Start applications or applets loading untrusted code from the internet by enforcing organizational policy on mobile code execution.