CVE-2025-30691: 
Amazon Corretto JDK vulnerability analysis and mitigation

A vulnerability has been identified in Oracle Java SE's Compiler component affecting Oracle Java SE versions 21.0.6, 24, and Oracle GraalVM for JDK versions 21.0.6 and 24. This vulnerability (CVE-2025-30691) was disclosed on April 15, 2025, and allows unauthenticated attackers with network access to potentially compromise Oracle Java SE through multiple protocols (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.8 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N. The vulnerability is characterized by its network attack vector, high attack complexity, and requires no privileges or user interaction. The scope is unchanged, with low impacts on both confidentiality and integrity, and no impact on availability (Oracle CPU, NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data, as well as unauthorized read access to a subset of Oracle Java SE accessible data. The vulnerability particularly affects Java deployments running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code from the internet (Oracle CPU).

Organizations are advised to update to the latest patched versions of Oracle Java SE. For systems that require JRE but do not include it, it is recommended to update JRE to a fixed version that aligns with the product requirements (NetApp Advisory).