CVE-2025-30754: 
Amazon Corretto JDK vulnerability analysis and mitigation

CVE-2025-30754 is a vulnerability affecting Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products, specifically in the JSSE (Java Secure Socket Extension) component. The affected versions include Oracle Java SE versions 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK versions 17.0.15, 21.0.7, and 24.0.1; and Oracle GraalVM Enterprise Edition version 21.3.14. The vulnerability was disclosed on July 15, 2025 (NVD).

The vulnerability is classified as difficult to exploit and requires network access via TLS. It has received a CVSS 3.1 Base Score of 4.8 (Medium severity) with Confidentiality and Integrity impacts. The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating network attack vector, high attack complexity, no privileges required, no user interaction, unchanged scope, and low impacts on confidentiality and integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of the accessible data, as well as unauthorized read access to a subset of accessible data in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (NVD).

Oracle has released patches for the affected versions as part of the July 2025 Critical Patch Update. Red Hat has also acknowledged the vulnerability and is investigating it through their security advisory system (Red Hat Portal).