CVE-2025-30749: 
Amazon Corretto JDK vulnerability analysis and mitigation

A vulnerability has been identified in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products (component: 2D). The affected versions include Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7, 24.0.1; and Oracle GraalVM Enterprise Edition: 21.3.14. The vulnerability was disclosed on July 15, 2025 (Oracle CPU).

The vulnerability is classified as difficult to exploit and requires network access via multiple protocols. It has been assigned a CVSS 3.1 Base Score of 8.1 (High) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates high impacts on confidentiality, integrity, and availability, with network-based attack vector, high attack complexity, and no requirements for privileges or user interaction (Oracle CPU).

Successful exploitation of this vulnerability can result in complete takeover of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The vulnerability specifically affects Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets (NVD).

Oracle has released security patches as part of the July 2025 Critical Patch Update. Red Hat has also issued updates for their OpenJDK builds to address this vulnerability. Users are strongly advised to apply these security patches as soon as possible. The vulnerability does not affect Java deployments that load and run only trusted code installed by administrators (RHSA, Oracle CPU).