CVE-2025-21587

Published Apr 15, 2025

Last updated 16 days ago

CVSS high 7.4

Overview

Description
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Source
secalert_us@oracle.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.4
Impact score
5.2
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-284

Social media

Hype score
Not currently trending

  1. URGENT: Patch #Java 8 OpenJDK now! 🔴 CVE-2025-21587 (CVSS 9.1) lets attackers modify critical data via JSSE. 🔴 Impacts #SUSE Linux, SAP, cloud infra. 🔗 Patch guide: 👉 https://t.co/Z4k2OgxZq7 https://t.co/0LbLc8RQX3

    @Cezar_H_Linux

    10 May 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Critical Java 8 OpenJDK Update! ⚠️ CVE-2025-21587 (CVSS 9.1) lets attackers modify/delete data via JSSE. Patch now if you use SUSE Linux 12 SP5! 👉 https://t.co/z7u1b56Bfp #Java #Security #Linux #DevOps https://t.co/5IBuLyGSxJ

    @Cezar_H_Linux

    10 May 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Critical OpenJDK 24 vulns patched: CVE-2025-21587 (RSA padding leak) CVE-2025-30691 (compiler RCE) CVE-2025-30698 (2D mem corruption) Ubuntu users: Update NOW then restart Java apps.👉https://t.co/PfYjRmASd9 #Ubuntu #Security https://t.co/QCibrjSWmn

    @Cezar_H_Linux

    6 May 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔴 #Oracle #Java SE, TLS/SSL Vulnerability, #CVE-2025-21587 (Critical) https://t.co/0Kn12SoPe0

    @dailycve

    29 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2025-21587 🔴 HIGH (7.4) 🏢 Oracle Corporation - Oracle Java SE 🏗️ 8u441 🔗 https://t.co/HmKVfHYw44 #CyberCron #VulnAlert #InfoSec https://t.co/TJexze2ZDo

    @cybercronai

    16 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. �� CVE-2025-21587 - Oracle Java SE - HIGH 🚨 🗓️ Date published 2025-04-15 21:15:54 UTC #OracleJavaSE #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/6PNhAhJPia

    @vulns_space

    15 Apr 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-21587 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that a… https://t.co/uQjr8uWhGs

    @CVEnew

    15 Apr 2025

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.